From 18609ec80e36d06494ba7412f7a8fb385cfbfc52 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 13 Jan 2023 22:43:38 +0000 Subject: [PATCH 001/175] VERY rough starting point for a v6 container. Lots of stuff removed/commented out just to make the container start - things will need revisiting once we are settled on how we will configure FTL from the CLI Tests will fail for sure. Can't seem to make it work without host-mounting /etc/pihole at the moment Signed-off-by: Adam Warner --- src/s6/debian-root/usr/local/bin/_startup.sh | 4 ++-- .../usr/local/bin/bash_functions.sh | 13 ++++------- src/s6/debian-root/usr/local/bin/install.sh | 23 ++++++++++++++----- 3 files changed, 24 insertions(+), 16 deletions(-) diff --git a/src/s6/debian-root/usr/local/bin/_startup.sh b/src/s6/debian-root/usr/local/bin/_startup.sh index 4f27f24..5ed0997 100755 --- a/src/s6/debian-root/usr/local/bin/_startup.sh +++ b/src/s6/debian-root/usr/local/bin/_startup.sh @@ -34,7 +34,7 @@ setup_web_password setup_web_theme setup_web_temp_unit setup_web_layout -setup_web_php_env +# setup_web_php_env # lighttpd setup # =========================== @@ -50,7 +50,7 @@ setup_blocklists setup_FTL_upstream_DNS [[ -n "${DHCP_ACTIVE}" && ${DHCP_ACTIVE} == "true" ]] && echo "Setting DHCP server" && setup_FTL_dhcp apply_FTL_Configs_From_Env -setup_FTL_User +# setup_FTL_User setup_FTL_Interface setup_FTL_ListeningBehaviour setup_FTL_CacheSize diff --git a/src/s6/debian-root/usr/local/bin/bash_functions.sh b/src/s6/debian-root/usr/local/bin/bash_functions.sh index 14c766a..1164577 100644 --- a/src/s6/debian-root/usr/local/bin/bash_functions.sh +++ b/src/s6/debian-root/usr/local/bin/bash_functions.sh @@ -113,10 +113,7 @@ ensure_basic_configuration() { changeFTLsetting "MACVENDORDB" "/macvendor.db" fi - # When fresh empty directory volumes are used then we need to create this file - if [ ! -f /etc/dnsmasq.d/01-pihole.conf ] ; then - cp /etc/.pihole/advanced/01-pihole.conf /etc/dnsmasq.d/ - fi; + # setup_or_skip_gravity } validate_env() { @@ -197,7 +194,7 @@ setup_FTL_CacheSize() { echo " [i] Custom CUSTOM_CACHE_SIZE set to $custom_cache_size" change_setting "CACHE_SIZE" "$custom_cache_size" - sed -i "s/^cache-size=\s*[0-9]*/cache-size=$custom_cache_size/" ${dnsmasq_pihole_01_location} + # sed -i "s/^cache-size=\s*[0-9]*/cache-size=$custom_cache_size/" ${dnsmasq_pihole_01_location} } apply_FTL_Configs_From_Env(){ @@ -231,13 +228,13 @@ setup_FTL_query_logging(){ if [ "${QUERY_LOGGING_OVERRIDE}" == "false" ]; then echo " [i] Disabling Query Logging" change_setting "QUERY_LOGGING" "$QUERY_LOGGING_OVERRIDE" - removeKey "${dnsmasqconfig}" log-queries + #removeKey "${dnsmasqconfig}" log-queries else # If it is anything other than false, set it to true change_setting "QUERY_LOGGING" "true" # Set pihole logging on for good measure echo " [i] Enabling Query Logging" - addKey "${dnsmasqconfig}" log-queries + #addKey "${dnsmasqconfig}" log-queries fi } @@ -332,7 +329,7 @@ setup_FTL_ProcessDNSSettings(){ # shellcheck source=/dev/null . /opt/pihole/webpage.sh - ProcessDNSSettings + # ProcessDNSSettings } setup_lighttpd_bind() { diff --git a/src/s6/debian-root/usr/local/bin/install.sh b/src/s6/debian-root/usr/local/bin/install.sh index 77d17cb..b4abb1c 100644 --- a/src/s6/debian-root/usr/local/bin/install.sh +++ b/src/s6/debian-root/usr/local/bin/install.sh @@ -65,13 +65,24 @@ export USER=pihole export PIHOLE_SKIP_OS_CHECK=true -# Run the installer in unattended mode using the preseeded variables above and --reconfigure so that local repos are not updated -curl -sSL https://install.pi-hole.net | bash -sex -- --unattended +# # Run the installer in unattended mode using the preseeded variables above and --reconfigure so that local repos are not updated +# curl -sSL https://install.pi-hole.net | bash -sex -- --unattended -# At this stage, if we are building a :nightly tag, then switch the Pi-hole install to dev versions -if [[ "${DOCKER_TAG}" = 'nightly' ]]; then - yes | pihole checkout dev -fi +# # At this stage, if we are building a :nightly tag, then switch the Pi-hole install to dev versions +# if [[ "${DOCKER_TAG}" = 'nightly' ]]; then +# yes | pihole checkout dev +# fi + +git clone https://github.com/pi-hole/adminLTE /var/www/html/admin +cd /var/www/html/admin +git checkout new/FTL_is_my_new_home + +echo "new/http" | tee /etc/pihole/ftlbranch + +sudo git clone https://github.com/pi-hole/pi-hole /etc/.pihole +cd /etc/.pihole +sudo git checkout development-v6 +bash -ex /etc/.pihole/automated\ install/basic-install.sh --unattended sed -i '/^WEBPASSWORD/d' /etc/pihole/setupVars.conf From 45f2d2dad6d81f82eb1cf4fa01697b542d4e5960 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 13 Jan 2023 22:56:52 +0000 Subject: [PATCH 002/175] switch out the base image for debian with for now - fewer packages pre-installed than the pihole base image --- src/Dockerfile | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/Dockerfile b/src/Dockerfile index 28e7514..0b5bf8a 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -1,5 +1,17 @@ ARG PIHOLE_BASE -FROM "${PIHOLE_BASE:-ghcr.io/pi-hole/docker-pi-hole-base:bullseye-slim}" +# FROM "${PIHOLE_BASE:-ghcr.io/pi-hole/docker-pi-hole-base:bullseye-slim}" +FROM debian:bullseye-slim +RUN apt-get update \ + && apt-get install --no-install-recommends -y \ + # Packages Specific to Docker: + procps \ + xz-utils \ + curl \ + ca-certificates \ + git \ + sudo \ + && rm -rf /var/lib/apt/lists/* + ARG PIHOLE_DOCKER_TAG RUN echo "${PIHOLE_DOCKER_TAG}" > /pihole.docker.tag From a27bd400c2ae217c0a631afb4337e6f46d63da2e Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 13 Jan 2023 23:23:07 +0000 Subject: [PATCH 003/175] Oh yeah, we don't need these lighttpd files any more... --- .../s6-rc.d/_postFTL/dependencies.d/lighttpd | 0 .../s6-rc.d/lighttpd-access-log/down | 0 .../s6-rc.d/lighttpd-access-log/finish | 8 ----- .../s6-rc.d/lighttpd-access-log/run | 5 --- .../s6-rc.d/lighttpd-access-log/type | 1 - .../s6-rc.d/lighttpd-error-log/down | 0 .../s6-rc.d/lighttpd-error-log/finish | 8 ----- .../s6-overlay/s6-rc.d/lighttpd-error-log/run | 5 --- .../s6-rc.d/lighttpd-error-log/type | 1 - .../lighttpd/dependencies.d/pihole-FTL | 0 .../etc/s6-overlay/s6-rc.d/lighttpd/finish | 6 ---- .../etc/s6-overlay/s6-rc.d/lighttpd/run | 34 ------------------- .../etc/s6-overlay/s6-rc.d/lighttpd/type | 1 - .../s6-rc.d/user/contents.d/lighttpd | 0 14 files changed, 69 deletions(-) delete mode 100644 src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/dependencies.d/lighttpd delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/down delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/finish delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/run delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/type delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/down delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/finish delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/run delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/type delete mode 100644 src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/dependencies.d/pihole-FTL delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/finish delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/run delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/type delete mode 100644 src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/lighttpd diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/dependencies.d/lighttpd b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/dependencies.d/lighttpd deleted file mode 100644 index e69de29..0000000 diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/down b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/down deleted file mode 100755 index e69de29..0000000 diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/finish b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/finish deleted file mode 100755 index d3da477..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/finish +++ /dev/null @@ -1,8 +0,0 @@ -#!/command/with-contenv bash - -s6-echo "Stopping lighttpd-access-log" -pid=$(ps -C cat -o pid=,args= |grep -oP "([0-9]+).+access\.log" |cut -f1 -d" ") -if [[ -n ${pid} ]]; then - kill -9 ${pid} -fi -s6-echo "Stopped lighttpd-access-log" diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/run b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/run deleted file mode 100755 index c1d379e..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/run +++ /dev/null @@ -1,5 +0,0 @@ -#!/command/with-contenv bash - -s6-echo "Starting lighttpd-access-log" - -s6-setuidgid www-data cat /var/log/lighttpd/access-pihole.log 2>&1 diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/type b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/type deleted file mode 100755 index 1780f9f..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/type +++ /dev/null @@ -1 +0,0 @@ -longrun \ No newline at end of file diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/down b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/down deleted file mode 100755 index e69de29..0000000 diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/finish b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/finish deleted file mode 100755 index fe649a2..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/finish +++ /dev/null @@ -1,8 +0,0 @@ -#!/command/with-contenv bash - -s6-echo "Stopping lighttpd-error-log" -pid=$(ps -C cat -o pid=,args= |grep -oP "([0-9]+).+error\.log" |cut -f1 -d" ") -if [[ -n ${pid} ]]; then - kill -9 ${pid} -fi -s6-echo "Stopped lighttpd-error-log" diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/run b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/run deleted file mode 100755 index 59fe79b..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/run +++ /dev/null @@ -1,5 +0,0 @@ -#!/command/with-contenv bash - -s6-echo "Starting lighttpd-error-log" - -s6-setuidgid www-data cat /var/log/lighttpd/error-pihole.log 2>&1 diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/type b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/type deleted file mode 100755 index 1780f9f..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/type +++ /dev/null @@ -1 +0,0 @@ -longrun \ No newline at end of file diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/dependencies.d/pihole-FTL b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/dependencies.d/pihole-FTL deleted file mode 100644 index e69de29..0000000 diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/finish b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/finish deleted file mode 100755 index 0f6e5e3..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/finish +++ /dev/null @@ -1,6 +0,0 @@ -#!/command/with-contenv bash - -s6-echo "Stopping lighttpd" -service lighttpd-access-log stop -service lighttpd-error-log stop -killall -9 lighttpd diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/run b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/run deleted file mode 100755 index cbf9878..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/run +++ /dev/null @@ -1,34 +0,0 @@ -#!/command/with-contenv bash - -if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then - set -x ; -fi - -if [[ 1 -eq ${WEBLOGS_STDOUT:-0} ]]; then - #lighthttpd cannot use /dev/stdout https://redmine.lighttpd.net/issues/2731 - for fi in /var/log/lighttpd/access-pihole.log /var/log/lighttpd/error-pihole.log - do - if [[ ! -p ${fi} ]]; then - rm -f ${fi} - mkfifo -m 600 ${fi} - fi - done - chown -R www-data:www-data /var/log/lighttpd - service lighttpd-access-log start - service lighttpd-error-log start - sleep 2 -else - #remove fifo if exists - [[ -p /var/log/lighttpd/access-pihole.log ]] && rm -Rf /var/log/lighttpd/access-pihole.log - [[ -p /var/log/lighttpd/error-pihole.log ]] && rm -Rf /var/log/lighttpd/error-pihole.log - - # install /dev/null log files to ensure they exist (create if non-existing, preserve if existing) - [[ ! -f /var/log/lighttpd/access-pihole.log ]] && install /dev/null /var/log/lighttpd/access-pihole.log - [[ ! -f /var/log/lighttpd/error-pihole.log ]] && install /dev/null /var/log/lighttpd/error-pihole.log - - # Ensure that permissions are set so that lighttpd can write to the logs - chown -R www-data:www-data /var/log/lighttpd - chmod 0644 /var/log/lighttpd/access-pihole.log /var/log/lighttpd/error-pihole.log -fi - -lighttpd -D -f /etc/lighttpd/lighttpd.conf diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/type b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/type deleted file mode 100755 index 1780f9f..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/type +++ /dev/null @@ -1 +0,0 @@ -longrun \ No newline at end of file diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/lighttpd b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/lighttpd deleted file mode 100644 index e69de29..0000000 From 99ccda1e7feb0a26385588b8589f5c5bb2503763 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 14 Jan 2023 14:00:54 +0000 Subject: [PATCH 004/175] use PADD from the PADD_FTLv6 branch Signed-off-by: Adam Warner --- src/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Dockerfile b/src/Dockerfile index 0b5bf8a..605a40b 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -28,7 +28,7 @@ ARG PHP_ERROR_LOG ENV PHP_ERROR_LOG /var/log/lighttpd/error-pihole.log # Add PADD to the container, too. -ADD https://install.padd.sh /usr/local/bin/padd +ADD https://raw.githubusercontent.com/pi-hole/PADD/PADD_FTLv6/padd.sh /usr/local/bin/padd RUN chmod +x /usr/local/bin/padd # IPv6 disable flag for networks/devices that do not support it From 09ccd44c545148ea16c163364f19963dafb6b613 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 14 Jan 2023 23:33:19 +0000 Subject: [PATCH 005/175] Remove some lighttpd related functions Setting web password now works Setting DHCP should work? Setting conditional forwarders should work Signed-off-by: Adam Warner --- src/s6/debian-root/usr/local/bin/_startup.sh | 10 +- .../usr/local/bin/bash_functions.sh | 208 ++++-------------- 2 files changed, 38 insertions(+), 180 deletions(-) diff --git a/src/s6/debian-root/usr/local/bin/_startup.sh b/src/s6/debian-root/usr/local/bin/_startup.sh index 5ed0997..770f223 100755 --- a/src/s6/debian-root/usr/local/bin/_startup.sh +++ b/src/s6/debian-root/usr/local/bin/_startup.sh @@ -36,11 +36,6 @@ setup_web_temp_unit setup_web_layout # setup_web_php_env -# lighttpd setup -# =========================== -setup_ipv4_ipv6 -setup_lighttpd_bind - # Misc Setup # =========================== setup_blocklists @@ -49,7 +44,7 @@ setup_blocklists # =========================== setup_FTL_upstream_DNS [[ -n "${DHCP_ACTIVE}" && ${DHCP_ACTIVE} == "true" ]] && echo "Setting DHCP server" && setup_FTL_dhcp -apply_FTL_Configs_From_Env +# apply_FTL_Configs_From_Env # setup_FTL_User setup_FTL_Interface setup_FTL_ListeningBehaviour @@ -59,10 +54,7 @@ setup_FTL_server || true [ -n "${DNS_FQDN_REQUIRED}" ] && change_setting "DNS_FQDN_REQUIRED" "$DNS_FQDN_REQUIRED" [ -n "${DNSSEC}" ] && change_setting "DNSSEC" "$DNSSEC" [ -n "${DNS_BOGUS_PRIV}" ] && change_setting "DNS_BOGUS_PRIV" "$DNS_BOGUS_PRIV" -# The following must be called last! It will source setupVars.conf and override any env vars users pass in before they have been applied -setup_FTL_ProcessDNSSettings -test_configs [ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot diff --git a/src/s6/debian-root/usr/local/bin/bash_functions.sh b/src/s6/debian-root/usr/local/bin/bash_functions.sh index 1164577..6d12746 100644 --- a/src/s6/debian-root/usr/local/bin/bash_functions.sh +++ b/src/s6/debian-root/usr/local/bin/bash_functions.sh @@ -22,12 +22,8 @@ export FTLconf="/etc/pihole/pihole-FTL.conf" export dnsmasqconfig="/etc/dnsmasq.d/01-pihole.conf" export adlistFile="/etc/pihole/adlists.list" -change_setting() { - addOrEditKeyValPair "${setupVars}" "${1}" "${2}" -} - -changeFTLsetting() { - addOrEditKeyValPair "${FTLconf}" "${1}" "${2}" +changeNewFTLSetting(){ + pihole-FTL --config "${1}" "${2}" } fix_capabilities() { @@ -75,37 +71,18 @@ fix_capabilities() { # shellcheck disable=SC2034 ensure_basic_configuration() { echo " [i] Ensuring basic configuration by re-running select functions from basic-install.sh" - # Set Debian webserver variables for installConfigs - LIGHTTPD_USER="www-data" - LIGHTTPD_GROUP="www-data" - LIGHTTPD_CFG="lighttpd.conf.debian" - installConfigs + # TODO: Is this it? installLogrotate || true #installLogRotate can return 2 or 3, but we are still OK to continue in that case - if [ ! -f "${setupVars}" ]; then - install -m 644 /dev/null "${setupVars}" - echo " [i] Creating empty ${setupVars} file." - # The following setting needs to exist else the web interface version won't show in pihole -v - change_setting "INSTALL_WEB_INTERFACE" "true" - fi - set +e mkdir -p /var/run/pihole /var/log/pihole touch /var/log/pihole/FTL.log /var/log/pihole/pihole.log - chown pihole:root /etc/lighttpd - # In case of `pihole` UID being changed, re-chown the pihole scripts and pihole command chown -R pihole:root "${PI_HOLE_INSTALL_DIR}" chown pihole:root "${PI_HOLE_BIN_DIR}/pihole" set -e - # Re-write all of the setupVars to ensure required ones are present (like QUERY_LOGGING) - - # If the setup variable file exists, - if [[ -e "${setupVars}" ]]; then - cp -f "${setupVars}" "${setupVars}.update.bak" - fi # If FTLCONF_MACVENDORDB is not set if [[ -z "${FTLCONF_MACVENDORDB:-}" ]]; then @@ -198,13 +175,15 @@ setup_FTL_CacheSize() { } apply_FTL_Configs_From_Env(){ - # Get all exported environment variables starting with FTLCONF_ as a prefix and call the changeFTLsetting + ### TODO: This is going to need a major rework to support the new FTL config file. + + # Get all exported environment variables starting with FTLCONF_ as a prefix and call the changeNewFTLSetting # function with the environment variable's suffix as the key. This allows applying any pihole-FTL.conf # setting defined here: https://docs.pi-hole.net/ftldns/configfile/ declare -px | grep FTLCONF_ | sed -E 's/declare -x FTLCONF_([^=]+)=\"(|.+)\"/\1 \2/' | while read -r name value do echo " [i] Applying pihole-FTL.conf setting $name=$value" - changeFTLsetting "$name" "$value" + changeNewFTLSetting "$name" "$value" done } @@ -213,14 +192,14 @@ setup_FTL_dhcp() { echo " [!] ERROR: Won't enable DHCP server because mandatory Environment variables are missing: DHCP_START, DHCP_END and/or DHCP_ROUTER" change_setting "DHCP_ACTIVE" "false" else - change_setting "DHCP_ACTIVE" "${DHCP_ACTIVE}" - change_setting "DHCP_START" "${DHCP_START}" - change_setting "DHCP_END" "${DHCP_END}" - change_setting "DHCP_ROUTER" "${DHCP_ROUTER}" - change_setting "DHCP_LEASETIME" "${DHCP_LEASETIME}" - change_setting "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}" - change_setting "DHCP_IPv6" "${DHCP_IPv6}" - change_setting "DHCP_rapid_commit" "${DHCP_rapid_commit}" + changeNewFTLSetting "dhcp.active" "${DHCP_ACTIVE}" + changeNewFTLSetting "dhcp.start" "${DHCP_START}" + changeNewFTLSetting "dhcp.end" "${DHCP_END}" + changeNewFTLSetting "dhcp.router" "${DHCP_ROUTER}" + changeNewFTLSetting "dhcp.leasetime" "${DHCP_LEASETIME}" + #changeNewFTLSetting "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}" + changeNewFTLSetting "dhcp.ipv6" "${DHCP_IPv6}" + changeNewFTLSetting "dhcp.rapid_commit" "${DHCP_rapid_commit}" fi } @@ -240,19 +219,11 @@ setup_FTL_query_logging(){ } setup_FTL_server(){ - [ -n "${REV_SERVER}" ] && change_setting "REV_SERVER" "$REV_SERVER" - [ -n "${REV_SERVER_DOMAIN}" ] && change_setting "REV_SERVER_DOMAIN" "$REV_SERVER_DOMAIN" - [ -n "${REV_SERVER_TARGET}" ] && change_setting "REV_SERVER_TARGET" "$REV_SERVER_TARGET" - [ -n "${REV_SERVER_CIDR}" ] && change_setting "REV_SERVER_CIDR" "$REV_SERVER_CIDR" - if [ -z "$REV_SERVER" ];then - # If the REV_SERVER* variables are set, then there is no need to add these. - # If it is not set, then adding these variables is fine, and they will be converted by the Pi-hole install script - [ -n "${CONDITIONAL_FORWARDING}" ] && change_setting "CONDITIONAL_FORWARDING" "$CONDITIONAL_FORWARDING" - [ -n "${CONDITIONAL_FORWARDING_IP}" ] && change_setting "CONDITIONAL_FORWARDING_IP" "$CONDITIONAL_FORWARDING_IP" - [ -n "${CONDITIONAL_FORWARDING_DOMAIN}" ] && change_setting "CONDITIONAL_FORWARDING_DOMAIN" "$CONDITIONAL_FORWARDING_DOMAIN" - [ -n "${CONDITIONAL_FORWARDING_REVERSE}" ] && change_setting "CONDITIONAL_FORWARDING_REVERSE" "$CONDITIONAL_FORWARDING_REVERSE" - fi + [ -n "${REV_SERVER}" ] && changeNewFTLSetting "dnsmasq.rev_server.active" "$REV_SERVER" + [ -n "${REV_SERVER_DOMAIN}" ] && changeNewFTLSetting "dnsmasq.rev_server.domain" "$REV_SERVER_DOMAIN" + [ -n "${REV_SERVER_TARGET}" ] && changeNewFTLSetting "dnsmasq.rev_server.target" "$REV_SERVER_TARGET" + [ -n "${REV_SERVER_CIDR}" ] && changeNewFTLSetting "dnsmasq.rev_server.cidr" "$REV_SERVER_CIDR" } setup_FTL_upstream_DNS(){ @@ -267,127 +238,39 @@ setup_FTL_upstream_DNS(){ # Parse the PIHOLE_DNS variable, if it exists, and apply upstream servers to Pi-hole config if [ -n "${PIHOLE_DNS_}" ]; then echo " [i] Setting DNS servers based on PIHOLE_DNS_ variable" - # Remove any PIHOLE_DNS_ entries from setupVars.conf, if they exist - sed -i '/PIHOLE_DNS_/d' /etc/pihole/setupVars.conf - # Split into an array (delimited by ;) - # Loop through and add them one by one to setupVars.conf - IFS=";" read -r -a PIHOLE_DNS_ARR <<< "${PIHOLE_DNS_}" - count=1 - valid_entries=0 - for i in "${PIHOLE_DNS_ARR[@]}"; do - # Ensure we don't have an empty value first (see https://github.com/pi-hole/docker-pi-hole/issues/1174#issuecomment-1228763422 ) - if [ -n "$i" ]; then - if valid_ip "$i" || valid_ip6 "$i" ; then - change_setting "PIHOLE_DNS_$count" "$i" - ((count=count+1)) - ((valid_entries=valid_entries+1)) - continue - fi - # shellcheck disable=SC2086 - if [ -n "$(dig +short ${i//#*/})" ]; then - # If the "address" is a domain (for example a docker link) then try to resolve it and add - # the result as a DNS server in setupVars.conf. - resolved_ip="$(dig +short ${i//#*/} | head -n 1)" - if [ -n "${i//*#/}" ] && [ "${i//*#/}" != "${i//#*/}" ]; then - resolved_ip="${resolved_ip}#${i//*#/}" - fi - echo "Resolved ${i} from PIHOLE_DNS_ as: ${resolved_ip}" - if valid_ip "$resolved_ip" || valid_ip6 "$resolved_ip" ; then - change_setting "PIHOLE_DNS_$count" "$resolved_ip" - ((count=count+1)) - ((valid_entries=valid_entries+1)) - continue - fi - fi - # If the above tests fail then this is an invalid DNS server - echo " [!] Invalid entry detected in PIHOLE_DNS_: ${i}" - fi - done + # Replace all semi-colons in PIHOLE_DNS_ with escaped double quote, comma, and escaped double quote + # This is to create a valid JSON array string + changeNewFTLSetting "dnsmasq.upstreams" "[\"${PIHOLE_DNS_//;/\",\"}\"]" + + # TODO: Discuss with @DL6ER if pihole-FTL should be modified to accept a semicolon delimited string for simplicity + # ALso noted during testing that FTL will fall over if an invalid hostname is passed into the array + # I have removed a lot of validation code from this side of things for now, but may be worth revisiting it. (and make it easier to read than it was) - if [ $valid_entries -eq 0 ]; then - echo " [!] No Valid entries detected in PIHOLE_DNS_. Aborting" - exit 1 - fi else # Environment variable has not been set, but there may be existing values in an existing setupVars.conf # if this is the case, we do not want to overwrite these with the defaults of 8.8.8.8 and 8.8.4.4 # Pi-hole can run with only one upstream configured, so we will just check for one. + + # TODO: setupVars is going to be deprecated in the future, so this code will need to be revisited setupVarsDNS="$(grep 'PIHOLE_DNS_' /etc/pihole/setupVars.conf || true)" if [ -z "${setupVarsDNS}" ]; then echo " [i] Configuring default DNS servers: 8.8.8.8, 8.8.4.4" - change_setting "PIHOLE_DNS_1" "8.8.8.8" - change_setting "PIHOLE_DNS_2" "8.8.4.4" + changeNewFTLSetting "dnsmasq.upstreams" "[\"8.8.8.8\",\"8.8.4.4\"]" else echo " [i] Existing DNS servers detected in setupVars.conf. Leaving them alone" fi fi } -setup_FTL_ProcessDNSSettings(){ - # Commit settings to 01-pihole.conf +# setup_FTL_ProcessDNSSettings(){ +# # Commit settings to 01-pihole.conf - # shellcheck source=/dev/null - . /opt/pihole/webpage.sh - # ProcessDNSSettings -} +# # shellcheck source=/dev/null +# #. /opt/pihole/webpage.sh +# # ProcessDNSSettings +# } -setup_lighttpd_bind() { - local bind_addr="${WEB_BIND_ADDR}" - - if [[ -z "$bind_addr" ]]; then - # if using '--net=host' bind lighttpd on $FTLCONF_LOCAL_IPV4 (for backward compatibility with #154). - if grep -q "docker" /proc/net/dev && [[ $FTLCONF_LOCAL_IPV4 != 0.0.0.0 ]]; then #docker (docker0 by default) should only be present on the host system - echo " [i] WARNING: running in host network mode forces lighttpd's bind address to \$FTLCONF_LOCAL_IPV4 ($FTLCONF_LOCAL_IPV4)." - echo " [i] This behaviour is deprecated and will be removed in a future version. If your installation depends on a custom bind address (not 0.0.0.0) you should set the \$WEB_BIND_ADDR environment variable to the desired value." - bind_addr="${FTLCONF_LOCAL_IPV4}" - # bind on 0.0.0.0 by default - else - bind_addr="0.0.0.0" - fi - fi - - # Overwrite lighttpd's bind address, always listen on localhost - if [[ $bind_addr != 0.0.0.0 ]]; then - if ! grep -q "server.bind" /etc/lighttpd/lighttpd.conf ; then # if the declaration is already there, don't add it again - sed -i -E "s/server\.port\s+\=\s+([0-9]+)/server.bind\t\t = \"${bind_addr}\"\nserver.port\t\t = \1\n"\$SERVER"\[\"socket\"\] == \"127\.0\.0\.1:\1\" \{\}/" /etc/lighttpd/lighttpd.conf - fi - fi -} - -setup_web_php_env() { - local config_file - config_file="/etc/lighttpd/conf-available/15-pihole-admin.conf" - # if the environment variable VIRTUAL_HOST is not set, or is empty, then set it to the hostname of the container - VIRTUAL_HOST="${VIRTUAL_HOST:-$HOSTNAME}" - - for config_var in "VIRTUAL_HOST" "CORS_HOSTS" "PHP_ERROR_LOG" "PIHOLE_DOCKER_TAG" "TZ"; do - local beginning_of_line=" \"${config_var}\" => " - if grep -qP "^$beginning_of_line" "$config_file" ; then - # replace line if already present - sed -i "/${beginning_of_line}/c\\${beginning_of_line}\"${!config_var}\"," "$config_file" - else - # add line otherwise - sed -i "/bin-environment/ a\\${beginning_of_line}\"${!config_var}\"," "$config_file" - fi - done - - echo " [i] Added ENV to php:" - grep -E '(VIRTUAL_HOST|CORS_HOSTS|PHP_ERROR_LOG|PIHOLE_DOCKER_TAG|TZ)' "$config_file" - - # Create an additional file in the lighttpd config directory to redirect the root to the admin page - # if the host matches either VIRTUAL_HOST (Or HOSTNAME if it is not set) or FTLCONF_LOCAL_IPV4 - cat < /etc/lighttpd/conf-enabled/15-pihole-admin-redirect-docker.conf - \$HTTP["url"] == "/" { - \$HTTP["host"] == "${VIRTUAL_HOST}" { - url.redirect = ("" => "/admin/") - } - \$HTTP["host"] == "${FTLCONF_LOCAL_IPV4}" { - url.redirect = ("" => "/admin/") - } - } -END -} setup_web_port() { local warning=" [!] WARNING: Custom WEB_PORT not used" @@ -407,8 +290,8 @@ setup_web_port() { echo " [i] Custom WEB_PORT set to $web_port" echo " [i] Without proper router DNAT forwarding to ${WEB_BIND_ADDR:-$FTLCONF_LOCAL_IPV4}:$web_port, you may not get any blocked websites on ads" - # Update lighttpd's port - sed -i '/server.port\s*=\s*80\s*$/ s/80/'"${WEB_PORT}"'/g' /etc/lighttpd/lighttpd.conf + changeNewFTLSetting "http.port" "$web_port" + } @@ -468,23 +351,6 @@ setup_web_password() { fi } -setup_ipv4_ipv6() { - local ip_versions="IPv4 and IPv6" - if [ "${IPv6,,}" != "true" ] ; then - ip_versions="IPv4" - sed -i '/use-ipv6.pl/ d' /etc/lighttpd/lighttpd.conf - fi; - echo " [i] Using $ip_versions" -} - -test_configs() { - set -e - echo -n ' [i] Testing lighttpd config: ' - lighttpd -t -f /etc/lighttpd/lighttpd.conf || exit 1 - set +e - echo " [i] All config checks passed, cleared for startup ..." -} - setup_blocklists() { # Exit/return early without setting up adlists with defaults for any of the following conditions: # 1. skip_setup_blocklists env is set From 626237a92d7e16540b42a8b5c4fdaccf5d17721e Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Thu, 2 Feb 2023 20:27:43 +0000 Subject: [PATCH 006/175] Switch to `devel-v6` branch on the web interface Signed-off-by: Adam Warner --- src/s6/debian-root/usr/local/bin/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/s6/debian-root/usr/local/bin/install.sh b/src/s6/debian-root/usr/local/bin/install.sh index b4abb1c..375c78b 100644 --- a/src/s6/debian-root/usr/local/bin/install.sh +++ b/src/s6/debian-root/usr/local/bin/install.sh @@ -75,7 +75,7 @@ export PIHOLE_SKIP_OS_CHECK=true git clone https://github.com/pi-hole/adminLTE /var/www/html/admin cd /var/www/html/admin -git checkout new/FTL_is_my_new_home +git checkout devel-v6 echo "new/http" | tee /etc/pihole/ftlbranch From a6a7914a2b4867cc9cd4841416a8aa7260e810d7 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 3 Feb 2023 18:19:34 +0000 Subject: [PATCH 007/175] update macvendor setting Signed-off-by: Adam Warner --- src/s6/debian-root/usr/local/bin/bash_functions.sh | 2 +- src/s6/debian-root/usr/local/bin/install.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/s6/debian-root/usr/local/bin/bash_functions.sh b/src/s6/debian-root/usr/local/bin/bash_functions.sh index 6d12746..51cd7d9 100644 --- a/src/s6/debian-root/usr/local/bin/bash_functions.sh +++ b/src/s6/debian-root/usr/local/bin/bash_functions.sh @@ -87,7 +87,7 @@ ensure_basic_configuration() { # If FTLCONF_MACVENDORDB is not set if [[ -z "${FTLCONF_MACVENDORDB:-}" ]]; then # User is not passing in a custom location - so force FTL to use the file we moved to / during the build - changeFTLsetting "MACVENDORDB" "/macvendor.db" + changeNewFTLSetting "files.macvendor" "/macvendor.db" fi # setup_or_skip_gravity diff --git a/src/s6/debian-root/usr/local/bin/install.sh b/src/s6/debian-root/usr/local/bin/install.sh index 375c78b..b935516 100644 --- a/src/s6/debian-root/usr/local/bin/install.sh +++ b/src/s6/debian-root/usr/local/bin/install.sh @@ -79,9 +79,9 @@ git checkout devel-v6 echo "new/http" | tee /etc/pihole/ftlbranch -sudo git clone https://github.com/pi-hole/pi-hole /etc/.pihole +git clone https://github.com/pi-hole/pi-hole /etc/.pihole cd /etc/.pihole -sudo git checkout development-v6 +git checkout development-v6 bash -ex /etc/.pihole/automated\ install/basic-install.sh --unattended sed -i '/^WEBPASSWORD/d' /etc/pihole/setupVars.conf From 87c0103c5661e4f7be55c461e13e5a41114230a4 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 5 Feb 2023 20:56:05 +0000 Subject: [PATCH 008/175] set ownership of pihole.toml in start up Signed-off-by: Adam Warner --- src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/run | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/run b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/run index e34a810..dad290a 100755 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/run +++ b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/run @@ -17,7 +17,7 @@ mkdir -pm 0755 /run/pihole /var/log/pihole # Ensure that permissions are set so that pihole-FTL can edit all necessary files chown pihole:pihole /run/pihole-FTL.pid /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole -chmod 0644 /run/pihole-FTL.pid /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases +chmod 0644 /run/pihole-FTL.pid /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases /etc/pihole/pihole.toml # Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist chmod -f 0644 /etc/pihole/macvendor.db From d0790440cdf2c5a06f8062370b349a25c80ad5b8 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 5 Feb 2023 21:21:49 +0000 Subject: [PATCH 009/175] What setupVars? Signed-off-by: Adam Warner --- src/s6/debian-root/usr/local/bin/_startup.sh | 6 +- .../usr/local/bin/bash_functions.sh | 95 ++++++++----------- src/s6/debian-root/usr/local/bin/install.sh | 17 +--- 3 files changed, 41 insertions(+), 77 deletions(-) diff --git a/src/s6/debian-root/usr/local/bin/_startup.sh b/src/s6/debian-root/usr/local/bin/_startup.sh index 770f223..ad98d77 100755 --- a/src/s6/debian-root/usr/local/bin/_startup.sh +++ b/src/s6/debian-root/usr/local/bin/_startup.sh @@ -51,9 +51,9 @@ setup_FTL_ListeningBehaviour setup_FTL_CacheSize setup_FTL_query_logging setup_FTL_server || true -[ -n "${DNS_FQDN_REQUIRED}" ] && change_setting "DNS_FQDN_REQUIRED" "$DNS_FQDN_REQUIRED" -[ -n "${DNSSEC}" ] && change_setting "DNSSEC" "$DNSSEC" -[ -n "${DNS_BOGUS_PRIV}" ] && change_setting "DNS_BOGUS_PRIV" "$DNS_BOGUS_PRIV" +[ -n "${DNS_FQDN_REQUIRED}" ] && setFTLConfigValue dns.domainNeeded "$DNS_FQDN_REQUIRED" +[ -n "${DNSSEC}" ] && setFTLConfigValue dns.dnssec "$DNSSEC" +[ -n "${DNS_BOGUS_PRIV}" ] && setFTLConfigValue dns.bogusPriv "$DNS_BOGUS_PRIV" [ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot diff --git a/src/s6/debian-root/usr/local/bin/bash_functions.sh b/src/s6/debian-root/usr/local/bin/bash_functions.sh index 51cd7d9..3b0fd3f 100644 --- a/src/s6/debian-root/usr/local/bin/bash_functions.sh +++ b/src/s6/debian-root/usr/local/bin/bash_functions.sh @@ -17,15 +17,10 @@ # shellcheck source=/dev/null . /opt/pihole/utils.sh -export setupVars="/etc/pihole/setupVars.conf" export FTLconf="/etc/pihole/pihole-FTL.conf" export dnsmasqconfig="/etc/dnsmasq.d/01-pihole.conf" export adlistFile="/etc/pihole/adlists.list" -changeNewFTLSetting(){ - pihole-FTL --config "${1}" "${2}" -} - fix_capabilities() { # Testing on Docker 20.10.14 with no caps set shows the following caps available to the container: # Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep @@ -52,7 +47,7 @@ fix_capabilities() { echo "ERROR: DHCP requested but NET_ADMIN is not available. DHCP will not be started." echo " Please add cap_net_admin to the container's capabilities or disable DHCP." DHCP_ACTIVE='false' - change_setting "DHCP_ACTIVE" "false" + setFTLConfigValue dhcp.active false fi if [[ $ret -ne 0 && "${DNSMASQ_USER:-pihole}" != "root" ]]; then @@ -81,13 +76,14 @@ ensure_basic_configuration() { # In case of `pihole` UID being changed, re-chown the pihole scripts and pihole command chown -R pihole:root "${PI_HOLE_INSTALL_DIR}" chown pihole:root "${PI_HOLE_BIN_DIR}/pihole" + chown -R pihole:pihole /etc/pihole set -e # If FTLCONF_MACVENDORDB is not set if [[ -z "${FTLCONF_MACVENDORDB:-}" ]]; then # User is not passing in a custom location - so force FTL to use the file we moved to / during the build - changeNewFTLSetting "files.macvendor" "/macvendor.db" + setFTLConfigValue "files.macvendor" "/macvendor.db" fi # setup_or_skip_gravity @@ -138,12 +134,12 @@ setup_FTL_Interface(){ interfaceType='custom' fi; echo " [i] FTL binding to $interfaceType interface: $interface" - change_setting "PIHOLE_INTERFACE" "${interface}" + setFTLConfigValue dns.interface "${interface}" } setup_FTL_ListeningBehaviour(){ if [ -n "$DNSMASQ_LISTENING" ]; then - change_setting "DNSMASQ_LISTENING" "${DNSMASQ_LISTENING}" + setFTLConfigValue dns.listeningMode "${DNSMASQ_LISTENING}" fi; } @@ -170,60 +166,56 @@ setup_FTL_CacheSize() { fi echo " [i] Custom CUSTOM_CACHE_SIZE set to $custom_cache_size" - change_setting "CACHE_SIZE" "$custom_cache_size" - # sed -i "s/^cache-size=\s*[0-9]*/cache-size=$custom_cache_size/" ${dnsmasq_pihole_01_location} + setFTLConfigValue dns.cacheSize "$custom_cache_size" } apply_FTL_Configs_From_Env(){ ### TODO: This is going to need a major rework to support the new FTL config file. - # Get all exported environment variables starting with FTLCONF_ as a prefix and call the changeNewFTLSetting + # Get all exported environment variables starting with FTLCONF_ as a prefix and call the setFTLConfigValue # function with the environment variable's suffix as the key. This allows applying any pihole-FTL.conf # setting defined here: https://docs.pi-hole.net/ftldns/configfile/ declare -px | grep FTLCONF_ | sed -E 's/declare -x FTLCONF_([^=]+)=\"(|.+)\"/\1 \2/' | while read -r name value do echo " [i] Applying pihole-FTL.conf setting $name=$value" - changeNewFTLSetting "$name" "$value" + setFTLConfigValue "$name" "$value" done } setup_FTL_dhcp() { if [ -z "${DHCP_START}" ] || [ -z "${DHCP_END}" ] || [ -z "${DHCP_ROUTER}" ]; then echo " [!] ERROR: Won't enable DHCP server because mandatory Environment variables are missing: DHCP_START, DHCP_END and/or DHCP_ROUTER" - change_setting "DHCP_ACTIVE" "false" + setFTLConfigValue dhcp.active false else - changeNewFTLSetting "dhcp.active" "${DHCP_ACTIVE}" - changeNewFTLSetting "dhcp.start" "${DHCP_START}" - changeNewFTLSetting "dhcp.end" "${DHCP_END}" - changeNewFTLSetting "dhcp.router" "${DHCP_ROUTER}" - changeNewFTLSetting "dhcp.leasetime" "${DHCP_LEASETIME}" - #changeNewFTLSetting "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}" - changeNewFTLSetting "dhcp.ipv6" "${DHCP_IPv6}" - changeNewFTLSetting "dhcp.rapid_commit" "${DHCP_rapid_commit}" + setFTLConfigValue dhcp.active "${DHCP_ACTIVE}" + setFTLConfigValue dhcp.start "${DHCP_START}" + setFTLConfigValue dhcp.end "${DHCP_END}" + setFTLConfigValue dhcp.router "${DHCP_ROUTER}" + setFTLConfigValue dhcp.leasetime "${DHCP_LEASETIME}" + #setFTLConfigValue PIHOLE_DOMAIN "${PIHOLE_DOMAIN}" + setFTLConfigValue dhcp.ipv6 "${DHCP_IPv6}" + setFTLConfigValue dhcp.rapid_commit "${DHCP_rapid_commit}" fi } setup_FTL_query_logging(){ if [ "${QUERY_LOGGING_OVERRIDE}" == "false" ]; then echo " [i] Disabling Query Logging" - change_setting "QUERY_LOGGING" "$QUERY_LOGGING_OVERRIDE" - #removeKey "${dnsmasqconfig}" log-queries + setFTLConfigValue dns.queryLogging "${QUERY_LOGGING_OVERRIDE}" else # If it is anything other than false, set it to true - change_setting "QUERY_LOGGING" "true" - # Set pihole logging on for good measure echo " [i] Enabling Query Logging" - #addKey "${dnsmasqconfig}" log-queries + setFTLConfigValue dns.queryLogging true fi } setup_FTL_server(){ - [ -n "${REV_SERVER}" ] && changeNewFTLSetting "dnsmasq.rev_server.active" "$REV_SERVER" - [ -n "${REV_SERVER_DOMAIN}" ] && changeNewFTLSetting "dnsmasq.rev_server.domain" "$REV_SERVER_DOMAIN" - [ -n "${REV_SERVER_TARGET}" ] && changeNewFTLSetting "dnsmasq.rev_server.target" "$REV_SERVER_TARGET" - [ -n "${REV_SERVER_CIDR}" ] && changeNewFTLSetting "dnsmasq.rev_server.cidr" "$REV_SERVER_CIDR" + [ -n "${REV_SERVER}" ] && setFTLConfigValue "dnsmasq.rev_server.active" "$REV_SERVER" + [ -n "${REV_SERVER_DOMAIN}" ] && setFTLConfigValue "dnsmasq.rev_server.domain" "$REV_SERVER_DOMAIN" + [ -n "${REV_SERVER_TARGET}" ] && setFTLConfigValue "dnsmasq.rev_server.target" "$REV_SERVER_TARGET" + [ -n "${REV_SERVER_CIDR}" ] && setFTLConfigValue "dnsmasq.rev_server.cidr" "$REV_SERVER_CIDR" } setup_FTL_upstream_DNS(){ @@ -240,25 +232,24 @@ setup_FTL_upstream_DNS(){ echo " [i] Setting DNS servers based on PIHOLE_DNS_ variable" # Replace all semi-colons in PIHOLE_DNS_ with escaped double quote, comma, and escaped double quote # This is to create a valid JSON array string - changeNewFTLSetting "dnsmasq.upstreams" "[\"${PIHOLE_DNS_//;/\",\"}\"]" + setFTLConfigValue dns.upstreams "[\"${PIHOLE_DNS_//;/\",\"}\"]" # TODO: Discuss with @DL6ER if pihole-FTL should be modified to accept a semicolon delimited string for simplicity # ALso noted during testing that FTL will fall over if an invalid hostname is passed into the array # I have removed a lot of validation code from this side of things for now, but may be worth revisiting it. (and make it easier to read than it was) else - # Environment variable has not been set, but there may be existing values in an existing setupVars.conf + # Environment variable has not been set, but there may be existing values in an existing pihole.toml # if this is the case, we do not want to overwrite these with the defaults of 8.8.8.8 and 8.8.4.4 # Pi-hole can run with only one upstream configured, so we will just check for one. - # TODO: setupVars is going to be deprecated in the future, so this code will need to be revisited - setupVarsDNS="$(grep 'PIHOLE_DNS_' /etc/pihole/setupVars.conf || true)" + emptyTomlUpstreams="$(grep 'upstreams = \[ \]' /etc/pihole/pihole.toml || true)" - if [ -z "${setupVarsDNS}" ]; then + if [ -n "${emptyTomlUpstreams}" ]; then echo " [i] Configuring default DNS servers: 8.8.8.8, 8.8.4.4" - changeNewFTLSetting "dnsmasq.upstreams" "[\"8.8.8.8\",\"8.8.4.4\"]" + setFTLConfigValue dns.upstreams "[\"8.8.8.8\",\"8.8.4.4\"]" else - echo " [i] Existing DNS servers detected in setupVars.conf. Leaving them alone" + echo " [i] Existing DNS servers detected in pihole.toml. Leaving them alone" fi fi } @@ -290,9 +281,7 @@ setup_web_port() { echo " [i] Custom WEB_PORT set to $web_port" echo " [i] Without proper router DNAT forwarding to ${WEB_BIND_ADDR:-$FTLCONF_LOCAL_IPV4}:$web_port, you may not get any blocked websites on ads" - changeNewFTLSetting "http.port" "$web_port" - - + setFTLConfigValue webserver.port "$web_port" } setup_web_theme(){ @@ -302,11 +291,11 @@ setup_web_theme(){ case "${WEBTHEME}" in "default-dark" | "default-darker" | "default-light" | "default-auto" | "lcars") echo " [i] Setting Web Theme based on WEBTHEME variable, using value ${WEBTHEME}" - change_setting "WEBTHEME" "${WEBTHEME}" + setFTLConfigValue webserver.interface.theme "${WEBTHEME}" ;; *) echo " [!] Invalid theme name supplied: ${WEBTHEME}, falling back to default-light." - change_setting "WEBTHEME" "default-light" + setFTLConfigValue webserver.interface.theme "default-light" ;; esac fi @@ -324,8 +313,10 @@ setup_web_password() { if [ -z "${WEBPASSWORD+x}" ] ; then # ENV WEBPASSWORD_OVERRIDE is not set - # Exit if setupvars already has a password - setup_var_exists "WEBPASSWORD" && return + # Exit if password is already set (TODO: Revisit this. Maybe make setting password in environment variable mandatory?) + if [[ $(pihole-FTL --config webserver.api.pwhash) != '""' ]]; then + return + fi # Generate new random password WEBPASSWORD=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8) echo " [i] Assigning random password: $WEBPASSWORD" @@ -375,18 +366,6 @@ setup_blocklists() { cat "${adlistFile}" } -setup_var_exists() { - local KEY="$1" - if [ -n "$2" ]; then - local REQUIRED_VALUE="[^\n]+" - fi - if grep -Pq "^${KEY}=${REQUIRED_VALUE}" "$setupVars"; then - echo " [i] Pre existing ${KEY} found" - true - else - false - fi -} setup_web_temp_unit() { local UNIT="${TEMPERATUREUNIT}" @@ -405,7 +384,7 @@ setup_web_layout() { if [[ "$LO" != "" ]] ; then # check if we have valid types boxed | traditional if [[ "$LO" == "traditional" || "$LO" == "boxed" ]] ; then - change_setting "WEBUIBOXEDLAYOUT" "$WEBUIBOXEDLAYOUT" + setFTLConfigValue webserver.interface.boxed "$LO" fi fi } diff --git a/src/s6/debian-root/usr/local/bin/install.sh b/src/s6/debian-root/usr/local/bin/install.sh index b935516..aba333c 100644 --- a/src/s6/debian-root/usr/local/bin/install.sh +++ b/src/s6/debian-root/usr/local/bin/install.sh @@ -7,8 +7,6 @@ mkdir -p /var/run/pihole CORE_LOCAL_REPO=/etc/.pihole WEB_LOCAL_REPO=/var/www/html/admin -setupVars=/etc/pihole/setupVars.conf - detect_arch() { DETECTED_ARCH=$(dpkg --print-architecture) S6_ARCH=$DETECTED_ARCH @@ -48,19 +46,6 @@ curl -L -s "https://github.com/just-containers/s6-overlay/releases/download/${S6 mv /init /s6-init # ###################################################################################### -# Preseed variables to assist with using --unattended install -{ - echo "PIHOLE_INTERFACE=eth0" - echo "IPV4_ADDRESS=0.0.0.0" - echo "IPV6_ADDRESS=0:0:0:0:0:0" - echo "PIHOLE_DNS_1=8.8.8.8" - echo "QUERY_LOGGING=true" - echo "INSTALL_WEB_SERVER=true" - echo "INSTALL_WEB_INTERFACE=true" - echo "LIGHTTPD_ENABLED=true" -}>> "${setupVars}" -source $setupVars - export USER=pihole export PIHOLE_SKIP_OS_CHECK=true @@ -84,7 +69,7 @@ cd /etc/.pihole git checkout development-v6 bash -ex /etc/.pihole/automated\ install/basic-install.sh --unattended -sed -i '/^WEBPASSWORD/d' /etc/pihole/setupVars.conf +pihole-FTL --config webserver.api.pwhash "" # sed a new function into the `pihole` script just above the `helpFunc()` function for later use. sed -i $'s/helpFunc() {/unsupportedFunc() {\\\n echo "Function not supported in Docker images"\\\n exit 0\\\n}\\\n\\\nhelpFunc() {/g' /usr/local/bin/pihole From 7d93b94a53493508ab966b8fb2685daae134d633 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 5 Feb 2023 22:04:17 +0000 Subject: [PATCH 010/175] Allow setting custom WEB_PORT to 80 (todo: Look at a new catchall for FTL config settings) Signed-off-by: Adam Warner --- src/s6/debian-root/usr/local/bin/bash_functions.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/s6/debian-root/usr/local/bin/bash_functions.sh b/src/s6/debian-root/usr/local/bin/bash_functions.sh index 3b0fd3f..6745561 100644 --- a/src/s6/debian-root/usr/local/bin/bash_functions.sh +++ b/src/s6/debian-root/usr/local/bin/bash_functions.sh @@ -266,7 +266,7 @@ setup_FTL_upstream_DNS(){ setup_web_port() { local warning=" [!] WARNING: Custom WEB_PORT not used" # Quietly exit early for empty or default - if [[ -z "${WEB_PORT}" || "${WEB_PORT}" == '80' ]] ; then return ; fi + if [[ -z "${WEB_PORT}" ]] ; then return ; fi if ! echo "$WEB_PORT" | grep -q '^[0-9][0-9]*$' ; then echo "$warning - $WEB_PORT is not an integer" From 4ec50469c70fcd450726eb02332254ed0b9bd023 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 5 Feb 2023 23:55:24 +0000 Subject: [PATCH 011/175] !!!BREAKING!!! Use this as an oppurtunity to tidy up/uniform the environment variables. Most things can be set directly in pihole.toml these days, so will convert variables in the format of FTLCONF_key or FTLCONF_key_subkey etc into key or key.subkey respectively and apply them to the config This also takes away a lot of the error handling - but that should likely be in FTL if anywhere, anyway. Vastly simplifies startup in docker Signed-off-by: Adam Warner --- README.md | 40 +-- src/Dockerfile | 2 +- src/s6/debian-root/usr/local/bin/_startup.sh | 22 +- .../usr/local/bin/bash_functions.sh | 231 ++---------------- 4 files changed, 33 insertions(+), 262 deletions(-) diff --git a/README.md b/README.md index a0e21b5..7b98b5c 100644 --- a/README.md +++ b/README.md @@ -96,46 +96,24 @@ There are other environment variables if you want to customize various things in | -------- | ------- | ----- | ---------- | | `TZ` | UTC | `` | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight. | `WEBPASSWORD` | random | `` | http://pi.hole/admin password. Run `docker logs pihole \| grep random` to find your random pass. +| `FTLCONF_dns_upstreams` | `8.8.8.8;8.8.4.4` | IPs delimited by `;` | Upstream DNS server(s) for Pi-hole to forward queries to, separated by a semicolon
(supports non-standard ports with `#[port number]`) e.g `127.0.0.1#5053;8.8.8.8;8.8.4.4`
(supports [Docker service names and links](https://docs.docker.com/compose/networking/) instead of IPs) e.g `upstream0;upstream1` where `upstream0` and `upstream1` are the service names of or links to docker services
Note: The existence of this environment variable assumes this as the _sole_ management of upstream DNS. Upstream DNS added via the web interface will be overwritten on container restart/recreation | | `FTLCONF_LOCAL_IPV4` | unset | `` | Set to your server's LAN IP, used by web block modes. ### Optional Variables | Variable | Default | Value | Description | | -------- | ------- | ----- | ---------- | -| `PIHOLE_DNS_` | `8.8.8.8;8.8.4.4` | IPs delimited by `;` | Upstream DNS server(s) for Pi-hole to forward queries to, separated by a semicolon
(supports non-standard ports with `#[port number]`) e.g `127.0.0.1#5053;8.8.8.8;8.8.4.4`
(supports [Docker service names and links](https://docs.docker.com/compose/networking/) instead of IPs) e.g `upstream0;upstream1` where `upstream0` and `upstream1` are the service names of or links to docker services
Note: The existence of this environment variable assumes this as the _sole_ management of upstream DNS. Upstream DNS added via the web interface will be overwritten on container restart/recreation | -| `DNSSEC` | `false` | `<"true"\|"false">` | Enable DNSSEC support | -| `DNS_BOGUS_PRIV` | `true` |`<"true"\|"false">`| Never forward reverse lookups for private ranges | -| `DNS_FQDN_REQUIRED` | `true` | `<"true"\|"false">`| Never forward non-FQDNs | -| `REV_SERVER` | `false` | `<"true"\|"false">` | Enable DNS conditional forwarding for device name resolution | -| `REV_SERVER_DOMAIN` | unset | Network Domain | If conditional forwarding is enabled, set the domain of the local network router | -| `REV_SERVER_TARGET` | unset | Router's IP | If conditional forwarding is enabled, set the IP of the local network router | -| `REV_SERVER_CIDR` | unset | Reverse DNS | If conditional forwarding is enabled, set the reverse DNS zone (e.g. `192.168.0.0/24`) | -| `DHCP_ACTIVE` | `false` | `<"true"\|"false">` | Enable DHCP server. Static DHCP leases can be configured with a custom `/etc/dnsmasq.d/04-pihole-static-dhcp.conf` -| `DHCP_START` | unset | `` | Start of the range of IP addresses to hand out by the DHCP server (mandatory if DHCP server is enabled). -| `DHCP_END` | unset | `` | End of the range of IP addresses to hand out by the DHCP server (mandatory if DHCP server is enabled). -| `DHCP_ROUTER` | unset | `` | Router (gateway) IP address sent by the DHCP server (mandatory if DHCP server is enabled). -| `DHCP_LEASETIME` | 24 | `` | DHCP lease time in hours. -| `PIHOLE_DOMAIN` | `lan` | `` | Domain name sent by the DHCP server. -| `DHCP_IPv6` | `false` | `<"true"\|"false">` | Enable DHCP server IPv6 support (SLAAC + RA). -| `DHCP_rapid_commit` | `false` | `<"true"\|"false">` | Enable DHCPv4 rapid commit (fast address assignment). | `VIRTUAL_HOST` | `${HOSTNAME}` | `` | What your web server 'virtual host' is, accessing admin through this Hostname/IP allows you to make changes to the whitelist / blacklists in addition to the default 'http://pi.hole/admin/' address | `IPv6` | `true` | `<"true"\|"false">` | For unraid compatibility, strips out all the IPv6 configuration from DNS/Web services when false. -| `TEMPERATUREUNIT` | `c` | `` | Set preferred temperature unit to `c`: Celsius, `k`: Kelvin, or `f` Fahrenheit units.
Note: This only affects chronometer and PADD. The web interface's temperature unit is set on a per-browser basis in the UI settings -| `WEBUIBOXEDLAYOUT` | `boxed` | `` | Use boxed layout (helpful when working on large screens) | `QUERY_LOGGING` | `true` | `<"true"\|"false">` | Enable query logging or not. -| `WEBTHEME` | `default-light` | `<"default-dark"\|"default-darker"\|"default-light"\|"default-auto"\|"lcars">`| User interface theme to use. | `WEBPASSWORD_FILE`| unset | `` |Set an Admin password using [Docker secrets](https://docs.docker.com/engine/swarm/secrets/). If `WEBPASSWORD` is set, `WEBPASSWORD_FILE` is ignored. If `WEBPASSWORD` is empty, and `WEBPASSWORD_FILE` is set to a valid readable file path, then `WEBPASSWORD` will be set to the contents of `WEBPASSWORD_FILE`. ### Advanced Variables | Variable | Default | Value | Description | | -------- | ------- | ----- | ---------- | -| `INTERFACE` | unset | `` | The default works fine with our basic example docker run commands. If you're trying to use DHCP with `--net host` mode then you may have to customize this or DNSMASQ_LISTENING. -| `DNSMASQ_LISTENING` | unset | `` | `local` listens on all local subnets, `all` permits listening on internet origin subnets in addition to local, `single` listens only on the interface specified. -| `WEB_PORT` | unset | `` | **This will break the 'webpage blocked' functionality of Pi-hole** however it may help advanced setups like those running synology or `--net=host` docker argument. This guide explains how to restore webpage blocked functionality using a linux router DNAT rule: [Alternative Synology installation method](https://discourse.pi-hole.net/t/alternative-synology-installation-method/5454?u=diginc) | `WEB_BIND_ADDR` | unset | `` | Lighttpd's bind address. If left unset lighttpd will bind to every interface, except when running in host networking mode where it will use `FTLCONF_LOCAL_IPV4` instead. | `SKIPGRAVITYONBOOT` | unset | `` | Use this option to skip updating the Gravity Database when booting up the container. By default this environment variable is not set so the Gravity Database will be updated when the container starts up. Setting this environment variable to 1 (or anything) will cause the Gravity Database to not be updated when container starts up. | `CORS_HOSTS` | unset | `` | List of domains/subdomains on which CORS is allowed. Wildcards are not supported. Eg: `CORS_HOSTS: domain.com,home.domain.com,www.domain.com`. -| `CUSTOM_CACHE_SIZE` | `10000` | Number | Set the cache size for dnsmasq. Useful for increasing the default cache size or to set it to 0. Note that when `DNSSEC` is "true", then this setting is ignored. | `FTL_CMD` | `no-daemon` | `no-daemon -- ` | Customize the options with which dnsmasq gets started. e.g. `no-daemon -- --dns-forward-max 300` to increase max. number of concurrent dns queries on high load setups. | | `FTLCONF_[SETTING]` | unset | As per documentation | Customize pihole-FTL.conf with settings described in the [FTLDNS Configuration page](https://docs.pi-hole.net/ftldns/configfile/). For example, to customize LOCAL_IPV4, ensure you have the `FTLCONF_LOCAL_IPV4` environment variable set. @@ -149,22 +127,6 @@ There are other environment variables if you want to customize various things in | `WEB_GID` | `33` | Number | Overrides image's default www-data group id to match a host group id
**IMPORTANT**: id must not already be in use inside the container! (Make sure it is different to `PIHOLE_GID` if you are using that, also)| | `WEBLOGS_STDOUT` | 0 | 0|1 | 0 logs to defined files, 1 redirect access and error logs to stdout | -## Deprecated environment variables: -While these may still work, they are likely to be removed in a future version. Where applicable, alternative variable names are indicated. Please review the table above for usage of the alternative variables - -| Docker Environment Var. | Description | Replaced By | -| ----------------------- | ----------- | ----------- | -| `CONDITIONAL_FORWARDING` | Enable DNS conditional forwarding for device name resolution | `REV_SERVER`| -| `CONDITIONAL_FORWARDING_IP` | If conditional forwarding is enabled, set the IP of the local network router | `REV_SERVER_TARGET` | -| `CONDITIONAL_FORWARDING_DOMAIN` | If conditional forwarding is enabled, set the domain of the local network router | `REV_SERVER_DOMAIN` | -| `CONDITIONAL_FORWARDING_REVERSE` | If conditional forwarding is enabled, set the reverse DNS of the local network router (e.g. `0.168.192.in-addr.arpa`) | `REV_SERVER_CIDR` | -| `DNS1` | Primary upstream DNS provider, default is google DNS | `PIHOLE_DNS_` | -| `DNS2` | Secondary upstream DNS provider, default is google DNS, `no` if only one DNS should used | `PIHOLE_DNS_` | -| `ServerIP` | Set to your server's LAN IP, used by web block modes and lighttpd bind address | `FTLCONF_REPLY_ADDR4` | -| `ServerIPv6` | **If you have a v6 network** set to your server's LAN IPv6 to block IPv6 ads fully | `FTLCONF_REPLY_ADDR6` | -| `FTLCONF_REPLY_ADDR4` | Set to your server's LAN IP, used by web block modes and lighttpd bind address | `FTLCONF_LOCAL_IPV4` | -| `FTLCONF_REPLY_ADDR6` | **If you have a v6 network** set to your server's LAN IPv6 to block IPv6 ads fully | `FTLCONF_LOCAL_IPV6` | - To use these env vars in docker run format style them like: `-e DNS1=1.1.1.1` Here is a rundown of other arguments for your docker-compose / docker run. diff --git a/src/Dockerfile b/src/Dockerfile index 605a40b..3968940 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -42,7 +42,7 @@ ENV S6_KEEP_ENV 1 ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2 ENV S6_CMD_WAIT_FOR_SERVICES_MAXTIME 0 -ENV FTLCONF_LOCAL_IPV4 0.0.0.0 +# ENV FTLCONF_LOCAL_IPV4 0.0.0.0 ENV FTL_CMD no-daemon ENV DNSMASQ_USER pihole diff --git a/src/s6/debian-root/usr/local/bin/_startup.sh b/src/s6/debian-root/usr/local/bin/_startup.sh index ad98d77..5cf0ab6 100755 --- a/src/s6/debian-root/usr/local/bin/_startup.sh +++ b/src/s6/debian-root/usr/local/bin/_startup.sh @@ -23,18 +23,14 @@ echo " [i] Starting docker specific checks & setup for docker pihole/pihole" # Initial checks # =========================== fix_capabilities -validate_env || exit 1 +# validate_env || exit 1 ensure_basic_configuration +apply_FTL_Configs_From_Env # Web interface setup # =========================== -setup_web_port load_web_password_secret setup_web_password -setup_web_theme -setup_web_temp_unit -setup_web_layout -# setup_web_php_env # Misc Setup # =========================== @@ -42,19 +38,9 @@ setup_blocklists # FTL setup # =========================== -setup_FTL_upstream_DNS -[[ -n "${DHCP_ACTIVE}" && ${DHCP_ACTIVE} == "true" ]] && echo "Setting DHCP server" && setup_FTL_dhcp -# apply_FTL_Configs_From_Env -# setup_FTL_User -setup_FTL_Interface -setup_FTL_ListeningBehaviour -setup_FTL_CacheSize -setup_FTL_query_logging -setup_FTL_server || true -[ -n "${DNS_FQDN_REQUIRED}" ] && setFTLConfigValue dns.domainNeeded "$DNS_FQDN_REQUIRED" -[ -n "${DNSSEC}" ] && setFTLConfigValue dns.dnssec "$DNSSEC" -[ -n "${DNS_BOGUS_PRIV}" ] && setFTLConfigValue dns.bogusPriv "$DNS_BOGUS_PRIV" +# setup_FTL_User +setup_FTL_query_logging [ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot diff --git a/src/s6/debian-root/usr/local/bin/bash_functions.sh b/src/s6/debian-root/usr/local/bin/bash_functions.sh index 6745561..46a396e 100644 --- a/src/s6/debian-root/usr/local/bin/bash_functions.sh +++ b/src/s6/debian-root/usr/local/bin/bash_functions.sh @@ -4,14 +4,6 @@ # else it will get overridden itself when we source basic-install.sh [ -n "${QUERY_LOGGING}" ] && export QUERY_LOGGING_OVERRIDE="${QUERY_LOGGING}" -# Legacy Env Vars preserved for backwards compatibility - convert them to FTLCONF_ equivalents -[ -n "${ServerIP}" ] && echo "ServerIP is deprecated. Converting to FTLCONF_LOCAL_IPV4" && export "FTLCONF_LOCAL_IPV4"="$ServerIP" -[ -n "${ServerIPv6}" ] && echo "ServerIPv6 is deprecated. Converting to FTLCONF_LOCAL_IPV6" && export "FTLCONF_LOCAL_IPV6"="$ServerIPv6" - -# Previously used FTLCONF_ equivalent has since been deprecated, also convert this one -[ -n "${FTLCONF_REPLY_ADDR4}" ] && echo "FTLCONF_REPLY_ADDR4 is deprecated. Converting to FTLCONF_LOCAL_IPV4" && export "FTLCONF_LOCAL_IPV4"="$FTLCONF_REPLY_ADDR4" -[ -n "${FTLCONF_REPLY_ADDR6}" ] && echo "FTLCONF_REPLY_ADDR6 is deprecated. Converting to FTLCONF_LOCAL_IPV6" && export "FTLCONF_LOCAL_IPV6"="$FTLCONF_REPLY_ADDR6" - # Some of the bash_functions use utilities from Pi-hole's utils.sh # shellcheck disable=SC2154 # shellcheck source=/dev/null @@ -42,7 +34,7 @@ fix_capabilities() { setcap ${CAP_STR:1}+ep "$(which pihole-FTL)" || ret=$? - if [[ $DHCP_READY == false ]] && [[ $DHCP_ACTIVE == true ]]; then + if [[ $DHCP_READY == false ]] && [[ $FTLCONF_dhcp_active == true ]]; then # DHCP is requested but NET_ADMIN is not available. echo "ERROR: DHCP requested but NET_ADMIN is not available. DHCP will not be started." echo " Please add cap_net_admin to the container's capabilities or disable DHCP." @@ -80,8 +72,8 @@ ensure_basic_configuration() { set -e - # If FTLCONF_MACVENDORDB is not set - if [[ -z "${FTLCONF_MACVENDORDB:-}" ]]; then + # If FTLCONF_files_macvendor is not set + if [[ -z "${FTLCONF_files_macvendor:-}" ]]; then # User is not passing in a custom location - so force FTL to use the file we moved to / during the build setFTLConfigValue "files.macvendor" "/macvendor.db" fi @@ -89,30 +81,6 @@ ensure_basic_configuration() { # setup_or_skip_gravity } -validate_env() { - # Optional FTLCONF_LOCAL_IPV4 is a valid IP - # nc won't throw any text based errors when it times out connecting to a valid IP, otherwise it complains about the DNS name being garbage - # if nc doesn't behave as we expect on a valid IP the routing table should be able to look it up and return a 0 retcode - if [[ "$(nc -4 -w1 -z "$FTLCONF_LOCAL_IPV4" 53 2>&1)" != "" ]] && ! ip route get "$FTLCONF_LOCAL_IPV4" > /dev/null ; then - echo "ERROR: FTLCONF_LOCAL_IPV4 Environment variable ($FTLCONF_LOCAL_IPV4) doesn't appear to be a valid IPv4 address" - exit 1 - fi - - # Optional IPv6 is a valid address - if [[ -n "$FTLCONF_LOCAL_IPV6" ]] ; then - if [[ "$FTLCONF_LOCAL_IPV6" == 'kernel' ]] ; then - echo " [!] ERROR: You passed in IPv6 with a value of 'kernel', this maybe because you do not have IPv6 enabled on your network" - unset FTLCONF_LOCAL_IPV6 - exit 1 - fi - if [[ "$(nc -6 -w1 -z "$FTLCONF_LOCAL_IPV6" 53 2>&1)" != "" ]] && ! ip route get "$FTLCONF_LOCAL_IPV6" > /dev/null ; then - echo " [!] ERROR: FTLCONF_LOCAL_IPV6 Environment variable ($FTLCONF_LOCAL_IPV6) doesn't appear to be a valid IPv6 address" - echo " TIP: If your server is not IPv6 enabled just remove '-e FTLCONF_LOCAL_IPV6' from your docker container" - exit 1 - fi - fi; -} - setup_FTL_User(){ # Run DNSMASQ as root user to avoid SHM permission issues if grep -r -q '^\s*user=' /etc/dnsmasq.* ; then @@ -125,77 +93,37 @@ setup_FTL_User(){ fi } -setup_FTL_Interface(){ - local interface="${INTERFACE:-eth0}" - - # Set the interface for FTL to listen on - local interfaceType='default' - if [ "$interface" != 'eth0' ] ; then - interfaceType='custom' - fi; - echo " [i] FTL binding to $interfaceType interface: $interface" - setFTLConfigValue dns.interface "${interface}" -} - -setup_FTL_ListeningBehaviour(){ - if [ -n "$DNSMASQ_LISTENING" ]; then - setFTLConfigValue dns.listeningMode "${DNSMASQ_LISTENING}" - fi; -} - -setup_FTL_CacheSize() { - local warning=" [i] WARNING: CUSTOM_CACHE_SIZE not used" - local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf" - # Quietly exit early for empty or default - if [[ -z "${CUSTOM_CACHE_SIZE}" || "${CUSTOM_CACHE_SIZE}" == '10000' ]] ; then return ; fi - - if [[ "${DNSSEC}" == "true" ]] ; then - echo "$warning - Cannot change cache size if DNSSEC is enabled" - return - fi - - if ! echo "$CUSTOM_CACHE_SIZE" | grep -q '^[0-9]*$' ; then - echo "$warning - $CUSTOM_CACHE_SIZE is not an integer" - return - fi - - local -i custom_cache_size="$CUSTOM_CACHE_SIZE" - if (( custom_cache_size < 0 )); then - echo "$warning - $custom_cache_size is not a positive integer or zero" - return - fi - echo " [i] Custom CUSTOM_CACHE_SIZE set to $custom_cache_size" - - setFTLConfigValue dns.cacheSize "$custom_cache_size" -} - apply_FTL_Configs_From_Env(){ - ### TODO: This is going to need a major rework to support the new FTL config file. - # Get all exported environment variables starting with FTLCONF_ as a prefix and call the setFTLConfigValue # function with the environment variable's suffix as the key. This allows applying any pihole-FTL.conf # setting defined here: https://docs.pi-hole.net/ftldns/configfile/ + echo "" + echo "==========Applying settings from environment variables==========" + source /opt/pihole/COL_TABLE declare -px | grep FTLCONF_ | sed -E 's/declare -x FTLCONF_([^=]+)=\"(|.+)\"/\1 \2/' | while read -r name value do - echo " [i] Applying pihole-FTL.conf setting $name=$value" - setFTLConfigValue "$name" "$value" - done -} + # Replace underscores wi1th dots in the name to match pihole-FTL expectiations + name="${name//_/.}" -setup_FTL_dhcp() { - if [ -z "${DHCP_START}" ] || [ -z "${DHCP_END}" ] || [ -z "${DHCP_ROUTER}" ]; then - echo " [!] ERROR: Won't enable DHCP server because mandatory Environment variables are missing: DHCP_START, DHCP_END and/or DHCP_ROUTER" - setFTLConfigValue dhcp.active false - else - setFTLConfigValue dhcp.active "${DHCP_ACTIVE}" - setFTLConfigValue dhcp.start "${DHCP_START}" - setFTLConfigValue dhcp.end "${DHCP_END}" - setFTLConfigValue dhcp.router "${DHCP_ROUTER}" - setFTLConfigValue dhcp.leasetime "${DHCP_LEASETIME}" - #setFTLConfigValue PIHOLE_DOMAIN "${PIHOLE_DOMAIN}" - setFTLConfigValue dhcp.ipv6 "${DHCP_IPv6}" - setFTLConfigValue dhcp.rapid_commit "${DHCP_rapid_commit}" - fi + # Special handing for the value if the name is dns.upstreams + if [ "$name" == "dns.upstreams" ]; then + value="[\"${value//;/\",\"}\"]" + fi + + if [ "$name" == "dns.reply.host.overwrite.v4" ]; then + name="dns.reply.host.overwrite_v4" + fi + + if $(setFTLConfigValue "${name}" "${value}" 2>&1); then + echo " ${TICK} Applied pihole-FTL setting $name=$value" + else + echo " ${CROSS} Error Applying pihole-FTL setting $name=$value" + fi + + + done + echo "================================================================" + echo "" } setup_FTL_query_logging(){ @@ -210,50 +138,6 @@ setup_FTL_query_logging(){ } -setup_FTL_server(){ - - [ -n "${REV_SERVER}" ] && setFTLConfigValue "dnsmasq.rev_server.active" "$REV_SERVER" - [ -n "${REV_SERVER_DOMAIN}" ] && setFTLConfigValue "dnsmasq.rev_server.domain" "$REV_SERVER_DOMAIN" - [ -n "${REV_SERVER_TARGET}" ] && setFTLConfigValue "dnsmasq.rev_server.target" "$REV_SERVER_TARGET" - [ -n "${REV_SERVER_CIDR}" ] && setFTLConfigValue "dnsmasq.rev_server.cidr" "$REV_SERVER_CIDR" -} - -setup_FTL_upstream_DNS(){ - if [ -z "${PIHOLE_DNS_}" ]; then - # For backward compatibility, if DNS1 and/or DNS2 are set, but PIHOLE_DNS_ is not, convert them to - # a semi-colon delimited string and store in PIHOLE_DNS_ - # They are not used anywhere if PIHOLE_DNS_ is set already - [ -n "${DNS1}" ] && echo " [i] Converting DNS1 to PIHOLE_DNS_" && PIHOLE_DNS_="$DNS1" - [[ -n "${DNS2}" && "${DNS2}" != "no" ]] && echo " [i] Converting DNS2 to PIHOLE_DNS_" && PIHOLE_DNS_="$PIHOLE_DNS_;$DNS2" - fi - - # Parse the PIHOLE_DNS variable, if it exists, and apply upstream servers to Pi-hole config - if [ -n "${PIHOLE_DNS_}" ]; then - echo " [i] Setting DNS servers based on PIHOLE_DNS_ variable" - # Replace all semi-colons in PIHOLE_DNS_ with escaped double quote, comma, and escaped double quote - # This is to create a valid JSON array string - setFTLConfigValue dns.upstreams "[\"${PIHOLE_DNS_//;/\",\"}\"]" - - # TODO: Discuss with @DL6ER if pihole-FTL should be modified to accept a semicolon delimited string for simplicity - # ALso noted during testing that FTL will fall over if an invalid hostname is passed into the array - # I have removed a lot of validation code from this side of things for now, but may be worth revisiting it. (and make it easier to read than it was) - - else - # Environment variable has not been set, but there may be existing values in an existing pihole.toml - # if this is the case, we do not want to overwrite these with the defaults of 8.8.8.8 and 8.8.4.4 - # Pi-hole can run with only one upstream configured, so we will just check for one. - - emptyTomlUpstreams="$(grep 'upstreams = \[ \]' /etc/pihole/pihole.toml || true)" - - if [ -n "${emptyTomlUpstreams}" ]; then - echo " [i] Configuring default DNS servers: 8.8.8.8, 8.8.4.4" - setFTLConfigValue dns.upstreams "[\"8.8.8.8\",\"8.8.4.4\"]" - else - echo " [i] Existing DNS servers detected in pihole.toml. Leaving them alone" - fi - fi -} - # setup_FTL_ProcessDNSSettings(){ # # Commit settings to 01-pihole.conf @@ -263,44 +147,6 @@ setup_FTL_upstream_DNS(){ # } -setup_web_port() { - local warning=" [!] WARNING: Custom WEB_PORT not used" - # Quietly exit early for empty or default - if [[ -z "${WEB_PORT}" ]] ; then return ; fi - - if ! echo "$WEB_PORT" | grep -q '^[0-9][0-9]*$' ; then - echo "$warning - $WEB_PORT is not an integer" - return - fi - - local -i web_port="$WEB_PORT" - if (( web_port < 1 || web_port > 65535 )); then - echo "$warning - $web_port is not within valid port range of 1-65535" - return - fi - echo " [i] Custom WEB_PORT set to $web_port" - echo " [i] Without proper router DNAT forwarding to ${WEB_BIND_ADDR:-$FTLCONF_LOCAL_IPV4}:$web_port, you may not get any blocked websites on ads" - - setFTLConfigValue webserver.port "$web_port" -} - -setup_web_theme(){ - # Parse the WEBTHEME variable, if it exists, and set the selected theme if it is one of the supported values. - # If an invalid theme name was supplied, setup WEBTHEME to use the default-light theme. - if [ -n "${WEBTHEME}" ]; then - case "${WEBTHEME}" in - "default-dark" | "default-darker" | "default-light" | "default-auto" | "lcars") - echo " [i] Setting Web Theme based on WEBTHEME variable, using value ${WEBTHEME}" - setFTLConfigValue webserver.interface.theme "${WEBTHEME}" - ;; - *) - echo " [!] Invalid theme name supplied: ${WEBTHEME}, falling back to default-light." - setFTLConfigValue webserver.interface.theme "default-light" - ;; - esac - fi -} - load_web_password_secret() { # If WEBPASSWORD is not set at all, attempt to read password from WEBPASSWORD_FILE, # allowing secrets to be passed via docker secrets @@ -365,26 +211,3 @@ setup_blocklists() { echo " [i] Blocklists (${adlistFile}) now set to:" cat "${adlistFile}" } - - -setup_web_temp_unit() { - local UNIT="${TEMPERATUREUNIT}" - # check if var is empty - if [[ "$UNIT" != "" ]] ; then - # check if we have valid units - if [[ "$UNIT" == "c" || "$UNIT" == "k" || $UNIT == "f" ]] ; then - pihole -a -"${UNIT}" - fi - fi -} - -setup_web_layout() { - local LO="${WEBUIBOXEDLAYOUT}" - # check if var is empty - if [[ "$LO" != "" ]] ; then - # check if we have valid types boxed | traditional - if [[ "$LO" == "traditional" || "$LO" == "boxed" ]] ; then - setFTLConfigValue webserver.interface.boxed "$LO" - fi - fi -} From 382367f9681f6842c4bd36b40fedfb3469f4ee1b Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 11 Feb 2023 13:59:28 +0000 Subject: [PATCH 012/175] Get config options from pihole-FTL directly Signed-off-by: Adam Warner --- src/s6/debian-root/usr/local/bin/_postFTL.sh | 8 +--- .../usr/local/bin/bash_functions.sh | 41 ++++--------------- 2 files changed, 10 insertions(+), 39 deletions(-) diff --git a/src/s6/debian-root/usr/local/bin/_postFTL.sh b/src/s6/debian-root/usr/local/bin/_postFTL.sh index b06cff5..96c1d75 100755 --- a/src/s6/debian-root/usr/local/bin/_postFTL.sh +++ b/src/s6/debian-root/usr/local/bin/_postFTL.sh @@ -5,13 +5,7 @@ if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then set -x ; fi -gravityDBfile="/etc/pihole/gravity.db" -config_file="/etc/pihole/pihole-FTL.conf" -# make a point to mention which config file we're checking, as breadcrumb to revisit if/when pihole-FTL.conf is succeeded by TOML -echo " Checking if custom gravity.db is set in ${config_file}" -if [[ -f "${config_file}" ]]; then - gravityDBfile="$(grep --color=never -Po "^GRAVITYDB=\K.*" "${config_file}" 2> /dev/null || echo "/etc/pihole/gravity.db")" -fi +gravityDBfile=$(pihole-FTL --config files.gravity) if [ -z "$SKIPGRAVITYONBOOT" ] || [ ! -f "${gravityDBfile}" ]; then if [ -n "$SKIPGRAVITYONBOOT" ];then diff --git a/src/s6/debian-root/usr/local/bin/bash_functions.sh b/src/s6/debian-root/usr/local/bin/bash_functions.sh index 46a396e..2b97eec 100644 --- a/src/s6/debian-root/usr/local/bin/bash_functions.sh +++ b/src/s6/debian-root/usr/local/bin/bash_functions.sh @@ -9,8 +9,6 @@ # shellcheck source=/dev/null . /opt/pihole/utils.sh -export FTLconf="/etc/pihole/pihole-FTL.conf" -export dnsmasqconfig="/etc/dnsmasq.d/01-pihole.conf" export adlistFile="/etc/pihole/adlists.list" fix_capabilities() { @@ -77,20 +75,6 @@ ensure_basic_configuration() { # User is not passing in a custom location - so force FTL to use the file we moved to / during the build setFTLConfigValue "files.macvendor" "/macvendor.db" fi - - # setup_or_skip_gravity -} - -setup_FTL_User(){ - # Run DNSMASQ as root user to avoid SHM permission issues - if grep -r -q '^\s*user=' /etc/dnsmasq.* ; then - # Change user that had been set previously to root - for f in $(grep -r -l '^\s*user=' /etc/dnsmasq.*); do - sed -i "/^\s*user=/ c\user=${DNSMASQ_USER}" "${f}" - done - else - echo -e "\nuser=${DNSMASQ_USER}" >> /etc/dnsmasq.conf - fi } apply_FTL_Configs_From_Env(){ @@ -110,17 +94,18 @@ apply_FTL_Configs_From_Env(){ value="[\"${value//;/\",\"}\"]" fi - if [ "$name" == "dns.reply.host.overwrite.v4" ]; then - name="dns.reply.host.overwrite_v4" - fi - - if $(setFTLConfigValue "${name}" "${value}" 2>&1); then - echo " ${TICK} Applied pihole-FTL setting $name=$value" + if [ "$name" == "webserver.api.password" ]; then + masked_value=$(printf "%${#value}s" | tr " " "*") else - echo " ${CROSS} Error Applying pihole-FTL setting $name=$value" + masked_value=$value fi - + if $(pihole-FTL --config "${name}" "${value}" > /ftlconfoutput); then + echo " ${TICK} Applied pihole-FTL setting $name=$masked_value" + else + echo " ${CROSS} Error Applying pihole-FTL setting $name=$masked_value" + echo " ${INFO} $(cat /ftlconfoutput)" + fi done echo "================================================================" echo "" @@ -138,14 +123,6 @@ setup_FTL_query_logging(){ } -# setup_FTL_ProcessDNSSettings(){ -# # Commit settings to 01-pihole.conf - -# # shellcheck source=/dev/null -# #. /opt/pihole/webpage.sh -# # ProcessDNSSettings -# } - load_web_password_secret() { # If WEBPASSWORD is not set at all, attempt to read password from WEBPASSWORD_FILE, From d7a25836ad7177a1cf245b105098866ed9f77724 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 15 Feb 2023 23:48:53 +0000 Subject: [PATCH 013/175] checkpoint Signed-off-by: Adam Warner --- src/Dockerfile | 146 ++++++++++++------ .../usr/local/bin => }/bash_functions.sh | 132 ++++++++++------ src/start.sh | 111 +++++++++++++ 3 files changed, 295 insertions(+), 94 deletions(-) rename src/{s6/debian-root/usr/local/bin => }/bash_functions.sh (67%) create mode 100644 src/start.sh diff --git a/src/Dockerfile b/src/Dockerfile index 3968940..50b4fb4 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -1,53 +1,111 @@ -ARG PIHOLE_BASE -# FROM "${PIHOLE_BASE:-ghcr.io/pi-hole/docker-pi-hole-base:bullseye-slim}" -FROM debian:bullseye-slim -RUN apt-get update \ - && apt-get install --no-install-recommends -y \ - # Packages Specific to Docker: - procps \ - xz-utils \ - curl \ - ca-certificates \ - git \ - sudo \ - && rm -rf /var/lib/apt/lists/* +# FROM ghcr.io/pi-hole/docker-pi-hole-base:bullseye-slim + +FROM alpine:latest + +# download a repo from github +RUN apk add --no-cache git libcap bash + +# download a repo from github +RUN git clone --branch devel-v6 https://github.com/pi-hole/AdminLTE.git /var/www/html/admin +RUN git clone --branch development-v6 https://github.com/pi-hole/pi-hole.git /etc/.pihole + +# Download the latest version of pihole-FTL for alpine: +# Probably need this to be built for different architectures +ADD https://ftl.pi-hole.net/new/http/pihole-FTL-musl-linux-x86_64 /usr/bin/pihole-FTL +ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db + +RUN cd /etc/.pihole && \ + install -Dm755 -d /opt/pihole && \ + install -Dm755 -t /opt/pihole gravity.sh && \ + install -Dm755 -t /opt/pihole ./advanced/Scripts/*.sh && \ + install -Dm755 -t /opt/pihole ./automated\ install/uninstall.sh && \ + install -Dm755 -t /opt/pihole ./advanced/Scripts/COL_TABLE && \ + install -Dm755 -t /usr/local/bin pihole && \ + install -Dm644 ./advanced/bash-completion/pihole /etc/bash_completion.d/pihole -ARG PIHOLE_DOCKER_TAG -RUN echo "${PIHOLE_DOCKER_TAG}" > /pihole.docker.tag +ENV DNSMASQ_USER=pihole +ENV FTL_CMD=no-daemon +RUN addgroup -S pihole && adduser -S pihole -G pihole +# RUN groupadd pihole && useradd -r --no-user-group -g pihole -s /usr/sbin/nologin pihole -ENTRYPOINT [ "/s6-init" ] +RUN apk add curl \ + bind-tools \ + nmap-ncat \ + psmisc \ + sudo \ + unzip \ + wget \ + libidn \ + nettle \ + libcap \ + openresolv \ + iproute2-ss \ + jq \ + coreutils \ + ncurses \ + dialog git newt procps dhcpcd openrc ncurses newt git -COPY s6/debian-root / -COPY s6/service /usr/local/bin/service +ADD bash_functions.sh /usr/bin/bash_functions.sh +ADD start.sh /usr/bin/start.sh -RUN bash -ex install.sh 2>&1 && \ - rm -rf /var/cache/apt/archives /var/lib/apt/lists/* +RUN chmod +x /usr/bin/start.sh +RUN chmod +x /usr/bin/pihole-FTL -ARG PHP_ERROR_LOG -ENV PHP_ERROR_LOG /var/log/lighttpd/error-pihole.log - -# Add PADD to the container, too. -ADD https://raw.githubusercontent.com/pi-hole/PADD/PADD_FTLv6/padd.sh /usr/local/bin/padd -RUN chmod +x /usr/local/bin/padd - -# IPv6 disable flag for networks/devices that do not support it -ENV IPv6 True - -EXPOSE 53 53/udp -EXPOSE 67/udp -EXPOSE 80 - -ENV S6_KEEP_ENV 1 -ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2 -ENV S6_CMD_WAIT_FOR_SERVICES_MAXTIME 0 - -# ENV FTLCONF_LOCAL_IPV4 0.0.0.0 -ENV FTL_CMD no-daemon -ENV DNSMASQ_USER pihole - -ENV PATH /opt/pihole:${PATH} HEALTHCHECK CMD dig +short +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1 -SHELL ["/bin/bash", "-c"] \ No newline at end of file +ENTRYPOINT [ "start.sh" ] + + + +# RUN apt-get update \ +# && apt-get install --no-install-recommends -y \ +# # Packages Specific to Docker: +# procps \ +# xz-utils \ +# curl \ +# ca-certificates \ +# git \ +# sudo \ +# && rm -rf /var/lib/apt/lists/* + + +# ARG PIHOLE_DOCKER_TAG +# RUN echo "${PIHOLE_DOCKER_TAG}" > /pihole.docker.tag + +# ENTRYPOINT [ "/s6-init" ] + +# COPY s6/debian-root / +# COPY s6/service /usr/local/bin/service + +# RUN bash -ex install.sh 2>&1 && \ +# rm -rf /var/cache/apt/archives /var/lib/apt/lists/* + +# ARG PHP_ERROR_LOG +# ENV PHP_ERROR_LOG /var/log/lighttpd/error-pihole.log + +# # Add PADD to the container, too. +# ADD https://raw.githubusercontent.com/pi-hole/PADD/PADD_FTLv6/padd.sh /usr/local/bin/padd +# RUN chmod +x /usr/local/bin/padd + +# # IPv6 disable flag for networks/devices that do not support it +# ENV IPv6 True + +# EXPOSE 53 53/udp +# EXPOSE 67/udp +# EXPOSE 80 + +# ENV S6_KEEP_ENV 1 +# ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2 +# ENV S6_CMD_WAIT_FOR_SERVICES_MAXTIME 0 + +# # ENV FTLCONF_LOCAL_IPV4 0.0.0.0 +# ENV FTL_CMD no-daemon +# ENV DNSMASQ_USER pihole + +# ENV PATH /opt/pihole:${PATH} + +# HEALTHCHECK CMD dig +short +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1 + +# SHELL ["/bin/bash", "-c"] \ No newline at end of file diff --git a/src/s6/debian-root/usr/local/bin/bash_functions.sh b/src/bash_functions.sh similarity index 67% rename from src/s6/debian-root/usr/local/bin/bash_functions.sh rename to src/bash_functions.sh index 2b97eec..2cac303 100644 --- a/src/s6/debian-root/usr/local/bin/bash_functions.sh +++ b/src/bash_functions.sh @@ -7,20 +7,75 @@ # Some of the bash_functions use utilities from Pi-hole's utils.sh # shellcheck disable=SC2154 # shellcheck source=/dev/null -. /opt/pihole/utils.sh +# . /opt/pihole/utils.sh + +####################### +# returns value from FTLs config file using pihole-FTL --config +# +# Takes one argument: key +# Example getFTLConfigValue dns.piholePTR +####################### +getFTLConfigValue(){ + pihole-FTL --config -q "${1}" +} + +####################### +# sets value in FTLs config file using pihole-FTL --config +# +# Takes two arguments: key and value +# Example setFTLConfigValue dns.piholePTR PI.HOLE +# +# Note, for complex values such as dns.upstreams, you should wrap the value in single quotes: +# setFTLConfigValue dns.upstreams '[ "8.8.8.8" , "8.8.4.4" ]' +####################### +setFTLConfigValue(){ + pihole-FTL --config "${1}" "${2}" >/dev/null +} + +# export adlistFile="/etc/pihole/adlists.list" + +# shellcheck disable=SC2034 +ensure_basic_configuration() { + echo " [i] Ensuring basic configuration by re-running select functions from basic-install.sh" + + + # installScripts > /dev/null + # installLogrotate || true #installLogRotate can return 2 or 3, but we are still OK to continue in that case + + # set +e + mkdir -p /var/run/pihole /var/log/pihole + touch /var/log/pihole/FTL.log /var/log/pihole/pihole.log + chown -R pihole:pihole /var/run/pihole /var/log/pihole + + # In case of `pihole` UID being changed, re-chown the pihole scripts and pihole command + # chown -R pihole:root "${PI_HOLE_INSTALL_DIR}" + # chown pihole:root "${PI_HOLE_BIN_DIR}/pihole" + + mkdir -p /etc/pihole + echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" >> /etc/pihole/adlists.list + chown -R pihole:pihole /etc/pihole + + + # set -e + + # # If FTLCONF_files_macvendor is not set + # if [[ -z "${FTLCONF_files_macvendor:-}" ]]; then + # # User is not passing in a custom location - so force FTL to use the file we moved to / during the build + # setFTLConfigValue "files.macvendor" "/macvendor.db" + # fi +} -export adlistFile="/etc/pihole/adlists.list" fix_capabilities() { # Testing on Docker 20.10.14 with no caps set shows the following caps available to the container: # Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep # FTL can also use CAP_NET_ADMIN and CAP_SYS_NICE. If we try to set them when they haven't been explicitly enabled, FTL will not start. Test for them first: echo " [i] Setting capabilities on pihole-FTL where possible" - /sbin/capsh --has-p=cap_chown 2>/dev/null && CAP_STR+=',CAP_CHOWN' - /sbin/capsh --has-p=cap_net_bind_service 2>/dev/null && CAP_STR+=',CAP_NET_BIND_SERVICE' - /sbin/capsh --has-p=cap_net_raw 2>/dev/null && CAP_STR+=',CAP_NET_RAW' - /sbin/capsh --has-p=cap_net_admin 2>/dev/null && CAP_STR+=',CAP_NET_ADMIN' || DHCP_READY='false' - /sbin/capsh --has-p=cap_sys_nice 2>/dev/null && CAP_STR+=',CAP_SYS_NICE' + capsh --has-p=cap_chown 2>/dev/null && CAP_STR+=',CAP_CHOWN' + capsh --has-p=cap_net_bind_service 2>/dev/null && CAP_STR+=',CAP_NET_BIND_SERVICE' + capsh --has-p=cap_net_raw 2>/dev/null && CAP_STR+=',CAP_NET_RAW' + capsh --has-p=cap_net_admin 2>/dev/null && CAP_STR+=',CAP_NET_ADMIN' || DHCP_READY='false' + capsh --has-p=cap_sys_nice 2>/dev/null && CAP_STR+=',CAP_SYS_NICE' if [[ ${CAP_STR} ]]; then # We have the (some of) the above caps available to us - apply them to pihole-FTL @@ -53,29 +108,6 @@ fix_capabilities() { } -# shellcheck disable=SC2034 -ensure_basic_configuration() { - echo " [i] Ensuring basic configuration by re-running select functions from basic-install.sh" - # TODO: Is this it? - installLogrotate || true #installLogRotate can return 2 or 3, but we are still OK to continue in that case - - set +e - mkdir -p /var/run/pihole /var/log/pihole - touch /var/log/pihole/FTL.log /var/log/pihole/pihole.log - - # In case of `pihole` UID being changed, re-chown the pihole scripts and pihole command - chown -R pihole:root "${PI_HOLE_INSTALL_DIR}" - chown pihole:root "${PI_HOLE_BIN_DIR}/pihole" - chown -R pihole:pihole /etc/pihole - - set -e - - # If FTLCONF_files_macvendor is not set - if [[ -z "${FTLCONF_files_macvendor:-}" ]]; then - # User is not passing in a custom location - so force FTL to use the file we moved to / during the build - setFTLConfigValue "files.macvendor" "/macvendor.db" - fi -} apply_FTL_Configs_From_Env(){ # Get all exported environment variables starting with FTLCONF_ as a prefix and call the setFTLConfigValue @@ -100,7 +132,7 @@ apply_FTL_Configs_From_Env(){ masked_value=$value fi - if $(pihole-FTL --config "${name}" "${value}" > /ftlconfoutput); then + if $(sudo -u pihole pihole-FTL --config "${name}" "${value}" > /ftlconfoutput); then echo " ${TICK} Applied pihole-FTL setting $name=$masked_value" else echo " ${CROSS} Error Applying pihole-FTL setting $name=$masked_value" @@ -165,26 +197,26 @@ setup_web_password() { fi } -setup_blocklists() { - # Exit/return early without setting up adlists with defaults for any of the following conditions: - # 1. skip_setup_blocklists env is set - exit_string="(exiting ${FUNCNAME[0]} early)" +# setup_blocklists() { +# # Exit/return early without setting up adlists with defaults for any of the following conditions: +# # 1. skip_setup_blocklists env is set +# exit_string="(exiting ${FUNCNAME[0]} early)" - if [ -n "${skip_setup_blocklists}" ]; then - echo " [i] skip_setup_blocklists requested $exit_string" - return - fi +# if [ -n "${skip_setup_blocklists}" ]; then +# echo " [i] skip_setup_blocklists requested $exit_string" +# return +# fi - # 2. The adlist file exists already (restarted container or volume mounted list) - if [ -f "${adlistFile}" ]; then - echo " [i] Preexisting ad list ${adlistFile} detected $exit_string" - return - fi +# # 2. The adlist file exists already (restarted container or volume mounted list) +# if [ -f "${adlistFile}" ]; then +# echo " [i] Preexisting ad list ${adlistFile} detected $exit_string" +# return +# fi - echo " [i] ${FUNCNAME[0]} now setting default blocklists up: " - echo " [i] TIP: Use a docker volume for ${adlistFile} if you want to customize for first boot" - installDefaultBlocklists +# echo " [i] ${FUNCNAME[0]} now setting default blocklists up: " +# echo " [i] TIP: Use a docker volume for ${adlistFile} if you want to customize for first boot" +# # installDefaultBlocklists - echo " [i] Blocklists (${adlistFile}) now set to:" - cat "${adlistFile}" -} +# echo " [i] Blocklists (${adlistFile}) now set to:" +# cat "${adlistFile}" +# } diff --git a/src/start.sh b/src/start.sh new file mode 100644 index 0000000..0515486 --- /dev/null +++ b/src/start.sh @@ -0,0 +1,111 @@ +#!/bin/bash -e + +if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then + set -x ; +fi + + +# The below functions are all contained in bash_functions.sh +# shellcheck source=/dev/null +. /usr/bin/bash_functions.sh + + +# shellcheck source=/dev/null +# SKIP_INSTALL=true . /etc/.pihole/automated\ install/basic-install.sh + +echo " [i] Starting docker specific checks & setup for docker pihole/pihole" + +# TODO: +#if [ ! -f /.piholeFirstBoot ] ; then +# echo " [i] Not first container startup so not running docker's setup, re-create container to run setup again" +#else +# regular_setup_functions +#fi + +# Initial checks +# =========================== +fix_capabilities +# validate_env || exit 1 +ensure_basic_configuration + + +apply_FTL_Configs_From_Env + +# Web interface setup +# =========================== +# load_web_password_secret +# setup_web_password + +# Misc Setup +# =========================== +# setup_blocklists + +# FTL setup +# =========================== + +# setup_FTL_User +# setup_FTL_query_logging + +[ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot + +echo " [i] Docker start setup complete" +echo "" + + +echo " [i] pihole-FTL ($FTL_CMD) will be started as ${DNSMASQ_USER}" +echo "" + + + + + + +#!/usr/bin/env bash + +if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then + set -x ; +fi + +# Remove possible leftovers from previous pihole-FTL processes +rm -f /dev/shm/FTL-* 2> /dev/null +rm -f /run/pihole/FTL.sock + +# install /dev/null files to ensure they exist (create if non-existing, preserve if existing) +mkdir -pm 0755 /run/pihole /var/log/pihole +[[ ! -f /run/pihole-FTL.pid ]] && install /dev/null /run/pihole-FTL.pid +[[ ! -f /var/log/pihole/FTL.log ]] && install /dev/null /var/log/pihole/FTL.log +[[ ! -f /var/log/pihole/pihole.log ]] && install /dev/null /var/log/pihole/pihole.log +[[ ! -f /etc/pihole/dhcp.leases ]] && install /dev/null /etc/pihole/dhcp.leases + +# Ensure that permissions are set so that pihole-FTL can edit all necessary files +chown pihole:pihole /run/pihole-FTL.pid /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole +chmod 0644 /run/pihole-FTL.pid /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases /etc/pihole/pihole.toml + +# Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist +chmod -f 0644 /etc/pihole/macvendor.db || true +# Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist +chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db || true +# Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist +chmod -f 0664 /etc/pihole/pihole-FTL.db || true + +# Backward compatibility for user-scripts that still expect log files in /var/log instead of /var/log/pihole/ +# Should be removed with Pi-hole v6.0 +if [ ! -f /var/log/pihole.log ]; then + ln -s /var/log/pihole/pihole.log /var/log/pihole.log + chown -h pihole:pihole /var/log/pihole.log + +fi +if [ ! -f /var/log/pihole-FTL.log ]; then + ln -s /var/log/pihole/FTL.log /var/log/pihole-FTL.log + chown -h pihole:pihole /var/log/pihole-FTL.log +fi + +pihole -g + +capsh --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null" & +tail -f /var/log/pihole-FTL.log + +# Notes on above: +# - DNSMASQ_USER default of pihole is in Dockerfile & can be overwritten by runtime container env +# - /var/log/pihole/pihole*.log has FTL's output that no-daemon would normally print in FG too +# prevent duplicating it in docker logs by sending to dev null From 171c8108f9b799027d3cf92cccdb673d9e6dc84d Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 9 Jun 2023 18:53:42 +0100 Subject: [PATCH 014/175] Remove the s6 directory to prevent confusion. I will try to remember where I was with the previous commit. Signed-off-by: Adam Warner --- .../_postFTL/dependencies.d/pihole-FTL | 0 .../etc/s6-overlay/s6-rc.d/_postFTL/type | 1 - .../etc/s6-overlay/s6-rc.d/_postFTL/up | 2 - .../_startup/dependencies.d/_uid-gid-changer | 0 .../etc/s6-overlay/s6-rc.d/_startup/type | 1 - .../etc/s6-overlay/s6-rc.d/_startup/up | 2 - .../_uid-gid-changer/dependencies.d/base | 0 .../_uid-gid-changer/dependencies.d/cron | 0 .../s6-overlay/s6-rc.d/_uid-gid-changer/type | 1 - .../s6-overlay/s6-rc.d/_uid-gid-changer/up | 2 - .../s6-rc.d/cron/dependencies.d/base | 0 .../etc/s6-overlay/s6-rc.d/cron/finish | 4 - .../etc/s6-overlay/s6-rc.d/cron/run | 3 - .../etc/s6-overlay/s6-rc.d/cron/type | 1 - .../pihole-FTL/dependencies.d/_startup | 0 .../etc/s6-overlay/s6-rc.d/pihole-FTL/finish | 4 - .../etc/s6-overlay/s6-rc.d/pihole-FTL/run | 46 --------- .../etc/s6-overlay/s6-rc.d/pihole-FTL/type | 1 - .../s6-rc.d/user/contents.d/_postFTL | 0 .../s6-rc.d/user/contents.d/_startup | 0 .../s6-rc.d/user/contents.d/_uid-gid-changer | 0 .../s6-overlay/s6-rc.d/user/contents.d/cron | 0 .../s6-rc.d/user/contents.d/pihole-FTL | 0 src/s6/debian-root/usr/local/bin/_postFTL.sh | 27 ------ src/s6/debian-root/usr/local/bin/_startup.sh | 52 ---------- .../usr/local/bin/_uid-gid-changer.sh | 35 ------- src/s6/debian-root/usr/local/bin/install.sh | 94 ------------------- src/s6/service | 53 ----------- src/start.sh | 2 +- 29 files changed, 1 insertion(+), 330 deletions(-) delete mode 100644 src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/dependencies.d/pihole-FTL delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/type delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/up delete mode 100644 src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/dependencies.d/_uid-gid-changer delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/type delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/up delete mode 100644 src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/dependencies.d/base delete mode 100644 src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/dependencies.d/cron delete mode 100644 src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/type delete mode 100644 src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/up delete mode 100644 src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/dependencies.d/base delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/finish delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/run delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/type delete mode 100644 src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/dependencies.d/_startup delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/finish delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/run delete mode 100755 src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/type delete mode 100644 src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/_postFTL delete mode 100644 src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/_startup delete mode 100644 src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/_uid-gid-changer delete mode 100644 src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/cron delete mode 100644 src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/pihole-FTL delete mode 100755 src/s6/debian-root/usr/local/bin/_postFTL.sh delete mode 100755 src/s6/debian-root/usr/local/bin/_startup.sh delete mode 100755 src/s6/debian-root/usr/local/bin/_uid-gid-changer.sh delete mode 100644 src/s6/debian-root/usr/local/bin/install.sh delete mode 100755 src/s6/service diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/dependencies.d/pihole-FTL b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/dependencies.d/pihole-FTL deleted file mode 100644 index e69de29..0000000 diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/type b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/type deleted file mode 100755 index 3d92b15..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/type +++ /dev/null @@ -1 +0,0 @@ -oneshot \ No newline at end of file diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/up b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/up deleted file mode 100755 index 4d5d13d..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/up +++ /dev/null @@ -1,2 +0,0 @@ -#!/command/execlineb -background { bash -e /usr/local/bin/_postFTL.sh } \ No newline at end of file diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/dependencies.d/_uid-gid-changer b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/dependencies.d/_uid-gid-changer deleted file mode 100644 index e69de29..0000000 diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/type b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/type deleted file mode 100755 index 3d92b15..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/type +++ /dev/null @@ -1 +0,0 @@ -oneshot \ No newline at end of file diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/up b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/up deleted file mode 100755 index e547857..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/up +++ /dev/null @@ -1,2 +0,0 @@ -#!/command/execlineb -foreground { bash -e /usr/local/bin/_startup.sh } \ No newline at end of file diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/dependencies.d/base b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/dependencies.d/base deleted file mode 100644 index e69de29..0000000 diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/dependencies.d/cron b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/dependencies.d/cron deleted file mode 100644 index e69de29..0000000 diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/type b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/type deleted file mode 100644 index 3d92b15..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/type +++ /dev/null @@ -1 +0,0 @@ -oneshot \ No newline at end of file diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/up b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/up deleted file mode 100644 index ad7e4a0..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/up +++ /dev/null @@ -1,2 +0,0 @@ -#!/command/execlineb -foreground { bash -e /usr/local/bin/_uid-gid-changer.sh } \ No newline at end of file diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/dependencies.d/base b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/dependencies.d/base deleted file mode 100644 index e69de29..0000000 diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/finish b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/finish deleted file mode 100755 index 14c0c72..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/finish +++ /dev/null @@ -1,4 +0,0 @@ -#!/command/with-contenv bash - -s6-echo "Stopping cron" -killall -9 cron diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/run b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/run deleted file mode 100755 index a2ee651..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/run +++ /dev/null @@ -1,3 +0,0 @@ -#!/command/with-contenv bash -exec -c -fdmove -c 2 1 /usr/sbin/cron -f diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/type b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/type deleted file mode 100755 index 1780f9f..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/type +++ /dev/null @@ -1 +0,0 @@ -longrun \ No newline at end of file diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/dependencies.d/_startup b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/dependencies.d/_startup deleted file mode 100644 index e69de29..0000000 diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/finish b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/finish deleted file mode 100755 index 57265c1..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/finish +++ /dev/null @@ -1,4 +0,0 @@ -#!/command/with-contenv bash - -s6-echo "Stopping pihole-FTL" -killall -15 pihole-FTL diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/run b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/run deleted file mode 100755 index dad290a..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/run +++ /dev/null @@ -1,46 +0,0 @@ -#!/command/with-contenv bash - -if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then - set -x ; -fi - -# Remove possible leftovers from previous pihole-FTL processes -rm -f /dev/shm/FTL-* 2> /dev/null -rm /run/pihole/FTL.sock 2> /dev/null - -# install /dev/null files to ensure they exist (create if non-existing, preserve if existing) -mkdir -pm 0755 /run/pihole /var/log/pihole -[[ ! -f /run/pihole-FTL.pid ]] && install /dev/null /run/pihole-FTL.pid -[[ ! -f /var/log/pihole/FTL.log ]] && install /dev/null /var/log/pihole/FTL.log -[[ ! -f /var/log/pihole/pihole.log ]] && install /dev/null /var/log/pihole/pihole.log -[[ ! -f /etc/pihole/dhcp.leases ]] && install /dev/null /etc/pihole/dhcp.leases - -# Ensure that permissions are set so that pihole-FTL can edit all necessary files -chown pihole:pihole /run/pihole-FTL.pid /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole -chmod 0644 /run/pihole-FTL.pid /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases /etc/pihole/pihole.toml - -# Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist -chmod -f 0644 /etc/pihole/macvendor.db -# Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist -chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db -# Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist -chmod -f 0664 /etc/pihole/pihole-FTL.db - -# Backward compatibility for user-scripts that still expect log files in /var/log instead of /var/log/pihole/ -# Should be removed with Pi-hole v6.0 -if [ ! -f /var/log/pihole.log ]; then - ln -s /var/log/pihole/pihole.log /var/log/pihole.log - chown -h pihole:pihole /var/log/pihole.log - -fi -if [ ! -f /var/log/pihole-FTL.log ]; then - ln -s /var/log/pihole/FTL.log /var/log/pihole-FTL.log - chown -h pihole:pihole /var/log/pihole-FTL.log -fi - -capsh --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null 2>&1" - -# Notes on above: -# - DNSMASQ_USER default of pihole is in Dockerfile & can be overwritten by runtime container env -# - /var/log/pihole/pihole*.log has FTL's output that no-daemon would normally print in FG too -# prevent duplicating it in docker logs by sending to dev null diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/type b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/type deleted file mode 100755 index 1780f9f..0000000 --- a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/type +++ /dev/null @@ -1 +0,0 @@ -longrun \ No newline at end of file diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/_postFTL b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/_postFTL deleted file mode 100644 index e69de29..0000000 diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/_startup b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/_startup deleted file mode 100644 index e69de29..0000000 diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/_uid-gid-changer b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/_uid-gid-changer deleted file mode 100644 index e69de29..0000000 diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/cron b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/cron deleted file mode 100644 index e69de29..0000000 diff --git a/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/pihole-FTL b/src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/pihole-FTL deleted file mode 100644 index e69de29..0000000 diff --git a/src/s6/debian-root/usr/local/bin/_postFTL.sh b/src/s6/debian-root/usr/local/bin/_postFTL.sh deleted file mode 100755 index 96c1d75..0000000 --- a/src/s6/debian-root/usr/local/bin/_postFTL.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash -# This script contains function calls and lines that may rely on pihole-FTL to be running, it is run as part of a oneshot service on container startup - -if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then - set -x ; -fi - -gravityDBfile=$(pihole-FTL --config files.gravity) - -if [ -z "$SKIPGRAVITYONBOOT" ] || [ ! -f "${gravityDBfile}" ]; then - if [ -n "$SKIPGRAVITYONBOOT" ];then - echo " SKIPGRAVITYONBOOT is set, however ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate." - echo " Ignoring SKIPGRAVITYONBOOT on this occaision." - fi - pihole -g -else - echo " Skipping Gravity Database Update." -fi - -# Run update checker to check for newer container, and display version output -echo "" -pihole updatechecker -pihole -v - -DOCKER_TAG=$(cat /pihole.docker.tag) -echo " Container tag is: ${DOCKER_TAG}" -echo "" \ No newline at end of file diff --git a/src/s6/debian-root/usr/local/bin/_startup.sh b/src/s6/debian-root/usr/local/bin/_startup.sh deleted file mode 100755 index 5cf0ab6..0000000 --- a/src/s6/debian-root/usr/local/bin/_startup.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash -e - -if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then - set -x ; -fi - -# The below functions are all contained in bash_functions.sh -# shellcheck source=/dev/null -. /usr/local/bin/bash_functions.sh - -# shellcheck source=/dev/null -SKIP_INSTALL=true . /etc/.pihole/automated\ install/basic-install.sh - -echo " [i] Starting docker specific checks & setup for docker pihole/pihole" - -# TODO: -#if [ ! -f /.piholeFirstBoot ] ; then -# echo " [i] Not first container startup so not running docker's setup, re-create container to run setup again" -#else -# regular_setup_functions -#fi - -# Initial checks -# =========================== -fix_capabilities -# validate_env || exit 1 -ensure_basic_configuration -apply_FTL_Configs_From_Env - -# Web interface setup -# =========================== -load_web_password_secret -setup_web_password - -# Misc Setup -# =========================== -setup_blocklists - -# FTL setup -# =========================== - -# setup_FTL_User -setup_FTL_query_logging - -[ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot - -echo " [i] Docker start setup complete" -echo "" - - -echo " [i] pihole-FTL ($FTL_CMD) will be started as ${DNSMASQ_USER}" -echo "" diff --git a/src/s6/debian-root/usr/local/bin/_uid-gid-changer.sh b/src/s6/debian-root/usr/local/bin/_uid-gid-changer.sh deleted file mode 100755 index 77863ce..0000000 --- a/src/s6/debian-root/usr/local/bin/_uid-gid-changer.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash -set -e - -if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then - set -x ; -fi - -modifyUser() -{ - declare username=${1:-} newId=${2:-} - [[ -z ${username} || -z ${newId} ]] && return - - local currentId=$(id -u ${username}) - [[ ${currentId} -eq ${newId} ]] && return - - echo " [i] Changing ID for user: ${username} (${currentId} => ${newId})" - usermod -o -u ${newId} ${username} -} - -modifyGroup() -{ - declare groupname=${1:-} newId=${2:-} - [[ -z ${groupname} || -z ${newId} ]] && return - - local currentId=$(id -g ${groupname}) - [[ ${currentId} -eq ${newId} ]] && return - - echo " [i] Changing ID for group: ${groupname} (${currentId} => ${newId})" - groupmod -o -g ${newId} ${groupname} -} - -modifyUser www-data ${WEB_UID} -modifyGroup www-data ${WEB_GID} -modifyUser pihole ${PIHOLE_UID} -modifyGroup pihole ${PIHOLE_GID} \ No newline at end of file diff --git a/src/s6/debian-root/usr/local/bin/install.sh b/src/s6/debian-root/usr/local/bin/install.sh deleted file mode 100644 index aba333c..0000000 --- a/src/s6/debian-root/usr/local/bin/install.sh +++ /dev/null @@ -1,94 +0,0 @@ -#!/bin/bash -ex -# shellcheck disable=SC2034 - -mkdir -p /etc/pihole/ -mkdir -p /var/run/pihole - -CORE_LOCAL_REPO=/etc/.pihole -WEB_LOCAL_REPO=/var/www/html/admin - -detect_arch() { - DETECTED_ARCH=$(dpkg --print-architecture) - S6_ARCH=$DETECTED_ARCH - case $DETECTED_ARCH in - amd64) - S6_ARCH="x86_64";; - armel) - S6_ARCH="armhf";; - armhf) - S6_ARCH="armhf";; - arm64) - S6_ARCH="aarch64";; - i386) - S6_ARCH="i686";; -esac -} - - -DOCKER_TAG=$(cat /pihole.docker.tag) -# Helps to have some additional tools in the dev image when debugging -if [[ "${DOCKER_TAG}" = 'nightly' || "${DOCKER_TAG}" = 'dev' ]]; then - apt-get update - apt-get install --no-install-recommends -y nano less - rm -rf /var/lib/apt/lists/* -fi - -detect_arch - -S6_OVERLAY_VERSION=v3.1.1.2 - -curl -L -s "https://github.com/just-containers/s6-overlay/releases/download/${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz" | tar Jxpf - -C / -curl -L -s "https://github.com/just-containers/s6-overlay/releases/download/${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.xz" | tar Jxpf - -C / - -# IMPORTANT: ######################################################################### -# Move /init somewhere else to prevent issues with podman/RHEL # -# See: https://github.com/pi-hole/docker-pi-hole/issues/1176#issuecomment-1227587045 # -mv /init /s6-init # -###################################################################################### - -export USER=pihole - -export PIHOLE_SKIP_OS_CHECK=true - -# # Run the installer in unattended mode using the preseeded variables above and --reconfigure so that local repos are not updated -# curl -sSL https://install.pi-hole.net | bash -sex -- --unattended - -# # At this stage, if we are building a :nightly tag, then switch the Pi-hole install to dev versions -# if [[ "${DOCKER_TAG}" = 'nightly' ]]; then -# yes | pihole checkout dev -# fi - -git clone https://github.com/pi-hole/adminLTE /var/www/html/admin -cd /var/www/html/admin -git checkout devel-v6 - -echo "new/http" | tee /etc/pihole/ftlbranch - -git clone https://github.com/pi-hole/pi-hole /etc/.pihole -cd /etc/.pihole -git checkout development-v6 -bash -ex /etc/.pihole/automated\ install/basic-install.sh --unattended - -pihole-FTL --config webserver.api.pwhash "" - -# sed a new function into the `pihole` script just above the `helpFunc()` function for later use. -sed -i $'s/helpFunc() {/unsupportedFunc() {\\\n echo "Function not supported in Docker images"\\\n exit 0\\\n}\\\n\\\nhelpFunc() {/g' /usr/local/bin/pihole - -# Replace a few of the `pihole` options with calls to `unsupportedFunc`: -# pihole -up / pihole updatePihole -sed -i $'s/)\s*updatePiholeFunc/) unsupportedFunc/g' /usr/local/bin/pihole -# pihole uninstall -sed -i $'s/)\s*uninstallFunc/) unsupportedFunc/g' /usr/local/bin/pihole -# pihole -r / pihole reconfigure -sed -i $'s/)\s*reconfigurePiholeFunc/) unsupportedFunc/g' /usr/local/bin/pihole - -# Move macvendor.db to root dir See https://github.com/pi-hole/docker-pi-hole/issues/1137 -# During startup we will change FTL's configuration to point to this file instead of /etc/pihole/macvendor.db -# If user goes on to bind monunt this directory to their host, then we can easily ensure macvendor.db is the latest -# (it is otherwise only updated when FTL is updated, which doesn't happen as part of the normal course of running this image) -mv /etc/pihole/macvendor.db /macvendor.db - -if [ ! -f /.piholeFirstBoot ]; then - touch /.piholeFirstBoot -fi -echo 'Docker install successful' diff --git a/src/s6/service b/src/s6/service deleted file mode 100755 index 47b2d4a..0000000 --- a/src/s6/service +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash -# This script patches all service commands into the appropriate s6- commands -# pi-hole upstream scripts need a 'service' interface. why not systemd? docker said so. - -start() { - restart -} - -stop() { - /command/s6-svc -wD -d -T2500 /run/service/"$service" -} - -restart() { - local pid - - # Get the PID(s) of the service we are asking to restart - mapfile -t pids < <(pgrep "$service") - - # Only attempt to stop the service if it is already running - if [ "${#pids[@]}" -gt 0 ]; then - stop - - for pid in "${pids[@]}"; do - # Loop until we are certain that the process has been stopped - while test -d /proc/"$pid"; do - sleep 0.2 - done - done - fi - - # Check it hasn't been started by something else in the meantime - pid=$(pgrep "$service") - - # Only attempt to start the service if it is not already running - if [ -z "$pid" ]; then - /command/s6-svc -wu -u -T2500 /run/service/"$service" - fi - -} - -status() { - /command/s6-svstat /run/service/"$service" -} - -service="$1" -command="$2" - -if [[ ! -d "/run/service/$service" ]] ; then - echo "s6 service not found for $service, exiting..." - exit -fi; - -${command} "${service}" diff --git a/src/start.sh b/src/start.sh index 0515486..75150f7 100644 --- a/src/start.sh +++ b/src/start.sh @@ -79,7 +79,7 @@ mkdir -pm 0755 /run/pihole /var/log/pihole # Ensure that permissions are set so that pihole-FTL can edit all necessary files chown pihole:pihole /run/pihole-FTL.pid /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole -chmod 0644 /run/pihole-FTL.pid /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases /etc/pihole/pihole.toml +chmod 0644 /run/pihole-FTL.pid /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases # /etc/pihole/pihole.toml # Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist chmod -f 0644 /etc/pihole/macvendor.db || true From c21a85ed58f81a156496197c8bc737b5feedf802 Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Sun, 18 Jun 2023 19:09:34 -0300 Subject: [PATCH 015/175] Use the new `development-v6` branches for all repos Signed-off-by: RD WebDesign --- src/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index 50b4fb4..1f2e435 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -6,12 +6,12 @@ FROM alpine:latest RUN apk add --no-cache git libcap bash # download a repo from github -RUN git clone --branch devel-v6 https://github.com/pi-hole/AdminLTE.git /var/www/html/admin +RUN git clone --branch development-v6 https://github.com/pi-hole/AdminLTE.git /var/www/html/admin RUN git clone --branch development-v6 https://github.com/pi-hole/pi-hole.git /etc/.pihole # Download the latest version of pihole-FTL for alpine: # Probably need this to be built for different architectures -ADD https://ftl.pi-hole.net/new/http/pihole-FTL-musl-linux-x86_64 /usr/bin/pihole-FTL +ADD https://ftl.pi-hole.net/development-v6/pihole-FTL-musl-linux-x86_64 /usr/bin/pihole-FTL ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db RUN cd /etc/.pihole && \ From 7c48cd548ffb7b8c178df526ce1bdbcde4d70cbb Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Sun, 18 Jun 2023 19:10:46 -0300 Subject: [PATCH 016/175] Fix typo `wi1th` to `with` Signed-off-by: RD WebDesign --- src/bash_functions.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bash_functions.sh b/src/bash_functions.sh index 2cac303..c58f91a 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -118,7 +118,7 @@ apply_FTL_Configs_From_Env(){ source /opt/pihole/COL_TABLE declare -px | grep FTLCONF_ | sed -E 's/declare -x FTLCONF_([^=]+)=\"(|.+)\"/\1 \2/' | while read -r name value do - # Replace underscores wi1th dots in the name to match pihole-FTL expectiations + # Replace underscores with dots in the name to match pihole-FTL expectiations name="${name//_/.}" # Special handing for the value if the name is dns.upstreams From 452e0ca072d93dcd7493d9c74e4b30bea4abd7b4 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 19 Jun 2023 21:39:24 +0100 Subject: [PATCH 017/175] Add some arch detection into the dockerfile. This seems to build locally, lets see what GHA does with it Signed-off-by: Adam Warner --- .../{v6-pre-alpha.yml => v6-alpine-play.yml} | 6 +- src/Dockerfile | 117 ++++++------------ 2 files changed, 44 insertions(+), 79 deletions(-) rename .github/workflows/{v6-pre-alpha.yml => v6-alpine-play.yml} (91%) diff --git a/.github/workflows/v6-pre-alpha.yml b/.github/workflows/v6-alpine-play.yml similarity index 91% rename from .github/workflows/v6-pre-alpha.yml rename to .github/workflows/v6-alpine-play.yml index 4994711..bdcb4b7 100644 --- a/.github/workflows/v6-pre-alpha.yml +++ b/.github/workflows/v6-alpine-play.yml @@ -4,7 +4,7 @@ on: - cron: '0 5 * * *' push: branches: - - v6-pre-alpha + - v6-alpine-play jobs: build-and-publish: @@ -19,7 +19,7 @@ jobs: if: github.event_name == 'schedule' uses: actions/checkout@v3 with: - ref: v6-pre-alpha + ref: v6-alpine-play - name: Set up QEMU uses: docker/setup-qemu-action@v2 @@ -57,7 +57,7 @@ jobs: uses: docker/build-push-action@v4 with: context: ./src/ - platforms: linux/amd64, linux/arm64, linux/386, linux/arm/v7, linux/arm/v6 + platforms: linux/amd64, linux/386, linux/arm/v6, linux/arm/v7, linux/arm64/v8, linux/riscv64 build-args: | PIHOLE_DOCKER_TAG=${{ steps.meta.outputs.version }} push: true diff --git a/src/Dockerfile b/src/Dockerfile index 1f2e435..f2ce9a7 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -1,17 +1,52 @@ -# FROM ghcr.io/pi-hole/docker-pi-hole-base:bullseye-slim - FROM alpine:latest -# download a repo from github -RUN apk add --no-cache git libcap bash +# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope +ARG TARGETPLATFORM # download a repo from github +# TODO - probably remove a lot of these +RUN apk add --no-cache git \ + libcap \ + bash \ + curl \ + bind-tools \ + nmap-ncat \ + psmisc \ + sudo \ + unzip \ + wget \ + libidn \ + nettle \ + libcap \ + openresolv \ + iproute2-ss \ + jq \ + coreutils \ + ncurses \ + dialog \ + newt \ + procps \ + dhcpcd \ + openrc \ + ncurses \ + newt + +# download a the main repos from github RUN git clone --branch development-v6 https://github.com/pi-hole/AdminLTE.git /var/www/html/admin RUN git clone --branch development-v6 https://github.com/pi-hole/pi-hole.git /etc/.pihole # Download the latest version of pihole-FTL for alpine: -# Probably need this to be built for different architectures -ADD https://ftl.pi-hole.net/development-v6/pihole-FTL-musl-linux-x86_64 /usr/bin/pihole-FTL +# Probably need this to be built for different FTLARCHs +RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then FTLARCH=amd64; \ + elif [ "$TARGETPLATFORM" = "linux/386" ]; then FTLARCH=386; \ + elif [ "$TARGETPLATFORM" = "linux/arm/v6" ]; then FTLARCH=armv6; \ + elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then FTLARCH=armv7; \ + elif [ "$TARGETPLATFORM" = "linux/arm64/v8" ]; then FTLARCH=armv64; \ + elif [ "$TARGETPLATFORM" = "linux/riscv64" ]; then FTLARCH=riscv64; \ + else FTLARCH=amd64; fi \ + && curl -sSL "https://ftl.pi-hole.net/development-v6/pihole-FTL-${FTLARCH}" -o /usr/bin/pihole-FTL + + ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db RUN cd /etc/.pihole && \ @@ -29,23 +64,6 @@ ENV FTL_CMD=no-daemon RUN addgroup -S pihole && adduser -S pihole -G pihole # RUN groupadd pihole && useradd -r --no-user-group -g pihole -s /usr/sbin/nologin pihole -RUN apk add curl \ - bind-tools \ - nmap-ncat \ - psmisc \ - sudo \ - unzip \ - wget \ - libidn \ - nettle \ - libcap \ - openresolv \ - iproute2-ss \ - jq \ - coreutils \ - ncurses \ - dialog git newt procps dhcpcd openrc ncurses newt git - ADD bash_functions.sh /usr/bin/bash_functions.sh ADD start.sh /usr/bin/start.sh @@ -56,56 +74,3 @@ RUN chmod +x /usr/bin/pihole-FTL HEALTHCHECK CMD dig +short +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1 ENTRYPOINT [ "start.sh" ] - - - -# RUN apt-get update \ -# && apt-get install --no-install-recommends -y \ -# # Packages Specific to Docker: -# procps \ -# xz-utils \ -# curl \ -# ca-certificates \ -# git \ -# sudo \ -# && rm -rf /var/lib/apt/lists/* - - -# ARG PIHOLE_DOCKER_TAG -# RUN echo "${PIHOLE_DOCKER_TAG}" > /pihole.docker.tag - -# ENTRYPOINT [ "/s6-init" ] - -# COPY s6/debian-root / -# COPY s6/service /usr/local/bin/service - -# RUN bash -ex install.sh 2>&1 && \ -# rm -rf /var/cache/apt/archives /var/lib/apt/lists/* - -# ARG PHP_ERROR_LOG -# ENV PHP_ERROR_LOG /var/log/lighttpd/error-pihole.log - -# # Add PADD to the container, too. -# ADD https://raw.githubusercontent.com/pi-hole/PADD/PADD_FTLv6/padd.sh /usr/local/bin/padd -# RUN chmod +x /usr/local/bin/padd - -# # IPv6 disable flag for networks/devices that do not support it -# ENV IPv6 True - -# EXPOSE 53 53/udp -# EXPOSE 67/udp -# EXPOSE 80 - -# ENV S6_KEEP_ENV 1 -# ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2 -# ENV S6_CMD_WAIT_FOR_SERVICES_MAXTIME 0 - -# # ENV FTLCONF_LOCAL_IPV4 0.0.0.0 -# ENV FTL_CMD no-daemon -# ENV DNSMASQ_USER pihole - -# ENV PATH /opt/pihole:${PATH} - -# HEALTHCHECK CMD dig +short +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1 - -# SHELL ["/bin/bash", "-c"] \ No newline at end of file From 05466f9c14d6ee1bc0befaf16cf1a2290499dc0c Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 19 Jun 2023 21:40:13 +0100 Subject: [PATCH 018/175] Lets not overwite an existing image... Signed-off-by: Adam Warner --- .github/workflows/v6-alpine-play.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/v6-alpine-play.yml b/.github/workflows/v6-alpine-play.yml index bdcb4b7..dcdbe4f 100644 --- a/.github/workflows/v6-alpine-play.yml +++ b/.github/workflows/v6-alpine-play.yml @@ -38,7 +38,7 @@ jobs: flavor: | latest=false tags: | - v6-pre-alpha + v6-alpine-play - name: Login to DockerHub uses: docker/login-action@v2 From 2e5998175b71525de5502a6da698c21286ee13e4 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 19 Jun 2023 22:04:18 +0100 Subject: [PATCH 019/175] Yolo Signed-off-by: Adam Warner --- .github/actions/login-repo/action.yml | 35 ++++ .github/actions/merge-and-push/action.yml | 48 ++++++ .github/workflows/v6-alpine-play.yml | 197 ++++++++++++++++++---- src/Dockerfile | 4 +- 4 files changed, 247 insertions(+), 37 deletions(-) create mode 100644 .github/actions/login-repo/action.yml create mode 100644 .github/actions/merge-and-push/action.yml diff --git a/.github/actions/login-repo/action.yml b/.github/actions/login-repo/action.yml new file mode 100644 index 0000000..f4bd3ee --- /dev/null +++ b/.github/actions/login-repo/action.yml @@ -0,0 +1,35 @@ +name: Login to container registries +description: Login to container registries Docker Hub and GitHub Container Registry + +inputs: + # Actions cannot access secrets so pass them in as inputs + docker_username: + required: true + description: The username to use to login to Docker Hub + docker_password: + required: true + description: The password to use to login to Docker Hub + ghcr_username: + required: true + description: The username to use to login to GitHub Container Registry + ghcr_password: + required: true + description: The password to use to login to GitHub Container Registry + +runs: + using: "composite" + steps: + - + name: Login to Docker Hub + uses: docker/login-action@v2 + with: + registry: docker.io + username: ${{ inputs.docker_username }} + password: ${{ inputs.docker_password }} + - + name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ inputs.ghcr_username }} + password: ${{ inputs.ghcr_password }} \ No newline at end of file diff --git a/.github/actions/merge-and-push/action.yml b/.github/actions/merge-and-push/action.yml new file mode 100644 index 0000000..d73480a --- /dev/null +++ b/.github/actions/merge-and-push/action.yml @@ -0,0 +1,48 @@ +name: Merge and push +description: Apply meta, create manifest, and push to container registry + +inputs: + imagename: + required: true + description: The name of the image to push + platform: + required: true + description: The platform to push the image for + +runs: + using: "composite" + steps: + - + name: Docker meta + id: meta_docker + uses: docker/metadata-action@v4 + with: + images: | + ${{ inputs.imagename }},enable=${{ github.event_name != 'pull_request' && github.event_name != 'workflow_dispatch' }} + foo/bar,enable=${{ github.event_name == 'pull_request' }} + # We want to tag the image with the latest tag if the workflow was triggered by a tag + flavor: | + latest=${{ startsWith(github.ref, 'refs/tags/') }} + # tags: + # type=schedule means that a tag is applied when the workflow is triggered by a schedule event + # type=ref,event=branch means that a tag is applied when the workflow is triggered by a push to a branch + # type=ref,event=tag means that a tag is applied when the workflow is triggered by a push to a tag + tags: | + type=schedule,suffix=-${{ inputs.platform }},enable=${{ github.event_name == 'schedule' }} + type=ref,event=branch,suffix=-${{ inputs.platform }},enable=${{ github.event_name != 'schedule' }} + type=ref,event=tag,suffix=-${{ inputs.platform }} + - + name: Create manifest list and push to repository + working-directory: /tmp/digests/dockerhub/${{ inputs.platform }} + # When using composite actions, you have to specify the shell. As you + # don’t specify a runner type in composite actions, you need to specify + # the shell instead for each action. + shell: bash + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ inputs.imagename }}@sha256:%s ' *) + - + name: Inspect image + shell: bash + run: | + docker buildx imagetools inspect ${{ inputs.imagename }}:${{ steps.meta_docker.outputs.version }} \ No newline at end of file diff --git a/.github/workflows/v6-alpine-play.yml b/.github/workflows/v6-alpine-play.yml index dcdbe4f..b122392 100644 --- a/.github/workflows/v6-alpine-play.yml +++ b/.github/workflows/v6-alpine-play.yml @@ -1,65 +1,192 @@ name: Build & Publish on: schedule: - - cron: '0 5 * * *' + - cron: "0 5 * * *" push: branches: - v6-alpine-play +env: + DOCKER_REGISTRY_IMAGE: ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole + GITHUB_REGISTRY_IMAGE: ghcr.io/${{ github.repository_owner }}/pihole + jobs: - build-and-publish: + build-and-test: runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + include: + - platform: linux/amd64 + container: alpine:3.18 + - platform: linux/386 + container: alpine:3.18 + # - platform: linux/arm/v5 + # container: debian:stretch-slim + # - platform: linux/arm/v6 + # container: debian:bullseye-slim + - platform: linux/arm/v6 + container: alpine:3.18 + - platform: linux/arm/v7 + container: alpine:3.18 + - platform: linux/arm64/v8 + container: alpine:3.18 + - platform: linux/riscv64 + container: alpine:edge steps: - - - name: Checkout - if: github.event_name != 'schedule' - uses: actions/checkout@v3 - - - name: Checkout dev branch if we are building - if: github.event_name == 'schedule' + - name: Checkout Repo uses: actions/checkout@v3 with: ref: v6-alpine-play - - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Docker meta + - name: Docker meta (Docker Hub and GitHub Container Registry) id: meta uses: docker/metadata-action@v4 with: github-token: ${{ secrets.GITHUB_TOKEN }} images: | - ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole - ghcr.io/${{ github.repository_owner }}/pihole + ${{ env.DOCKER_REGISTRY_IMAGE }} + ${{ env.GITHUB_REGISTRY_IMAGE }} flavor: | latest=false tags: | v6-alpine-play - - - name: Login to DockerHub - uses: docker/login-action@v2 + - name: Login to DockerHub and GitHub Container Registry + uses: ./.github/actions/login-repo with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PASS }} - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + docker_username: ${{ secrets.DOCKERHUB_USER }} + docker_password: ${{ secrets.DOCKERHUB_PASS }} + ghcr_username: ${{ github.repository_owner }} + ghcr_password: ${{ secrets.GITHUB_TOKEN }} + - # Add support for more platforms with QEMU (optional) + # https://github.com/docker/setup-qemu-action + name: Set up QEMU + uses: docker/setup-qemu-action@v2 with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push - uses: docker/build-push-action@v4 + platforms: all + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Build container and push by digest (Docker Hub) + id: build_docker + uses: docker/build-push-action@v3 with: context: ./src/ - platforms: linux/amd64, linux/386, linux/arm/v6, linux/arm/v7, linux/arm64/v8, linux/riscv64 + platforms: ${{ matrix.platform }} build-args: | PIHOLE_DOCKER_TAG=${{ steps.meta.outputs.version }} + CONTAINER=${{ matrix.container }} push: true - tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + outputs: | + type=image,name=${{ env.DOCKER_REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true + - name: Build container and push by digest (GitHub Container Registry) + id: build_ghcr + uses: docker/build-push-action@v3 + with: + context: ./src/ + platforms: ${{ matrix.platform }} + build-args: | + PIHOLE_DOCKER_TAG=${{ steps.meta.outputs.version }} + CONTAINER=${{ matrix.container }} + push: true + labels: ${{ steps.meta.outputs.labels }} + outputs: | + type=image,name=${{ env.GITHUB_REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true + - name: Export digests + run: | + mkdir -p /tmp/digests/dockerhub/${{ env.context }} + mkdir -p /tmp/digests/ghcr/${{ env.context }} + digest_docker="${{ steps.build_docker.outputs.digest }}" + touch "/tmp/digests/dockerhub/${{ env.context }}/${digest_docker#sha256:}" + digest_ghcr="${{ steps.build_ghcr.outputs.digest }}" + touch "/tmp/digests/ghcr/${{ env.context }}/${digest_ghcr#sha256:}" + - name: Upload digest + uses: actions/upload-artifact@v3 + with: + name: digests + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + + # Merge all the digests into a single file + # If we would push immediately above, the individual runners would overwrite each other's images + # https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners + merge-and-deploy: + runs-on: ubuntu-latest + needs: + - build-and-test + steps: + - name: Checkout Repo + uses: actions/checkout@v3 + - name: Download digests + uses: actions/download-artifact@v3 + with: + name: digests + path: /tmp/digests + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to DockerHub and GitHub Container Registry + uses: ./.github/actions/login-repo + with: + docker_username: ${{ secrets.DOCKERHUB_USER }} + docker_password: ${{ secrets.DOCKERHUB_PASS }} + ghcr_username: ${{ github.repository_owner }} + ghcr_password: ${{ secrets.GITHUB_TOKEN }} + + - name: Docker meta (Docker Hub and GitHub Container Registry) + id: meta + uses: docker/metadata-action@v4 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + images: | + ${{ env.DOCKER_REGISTRY_IMAGE }} + flavor: | + latest=false + tags: | + v6-alpine-play + + - name: Create manifest list and push + working-directory: /tmp/digests/dockerhub + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.DOCKER_REGISTRY_IMAGE }}@sha256:%s ' *) + + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ env.DOCKER_REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} + + - name: Create manifest list and push + working-directory: /tmp/digests/ghcr + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.GITHUB_REGISTRY_IMAGE }}@sha256:%s ' *) + + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ env.GITHUB_REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} + + # Push the digests to Docker Hub and GitHub Container Registry + + # - + # name: Collect and push (Alpine, Docker Hub) + # uses: ./.github/actions/merge-and-push + # with: + # imagename: ${{ env.DOCKER_REGISTRY_IMAGE }} + # platform: alpine + # # - + # # name: Collect and push (Debian, Docker Hub) + # # uses: ./.github/actions/merge-and-push + # # with: + # # imagename: ${{ env.DOCKER_REGISTRY_IMAGE }} + # # platform: debian + # - + # name: Collect and push (Alpine, GitHub Container Registry) + # uses: ./.github/actions/merge-and-push + # with: + # imagename: ${{ env.GITHUB_REGISTRY_IMAGE }} + # platform: alpine + # - + # name: Collect and push (Debian, GitHub Container Registry) + # uses: ./.github/actions/merge-and-push + # with: + # imagename: ${{ env.GITHUB_REGISTRY_IMAGE }} + # platform: debian diff --git a/src/Dockerfile b/src/Dockerfile index f2ce9a7..00244fb 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -1,5 +1,5 @@ -FROM alpine:latest - +ARG CONTAINER="alpine:edge" +FROM ${CONTAINER} # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope ARG TARGETPLATFORM From 45c636eb254e520bb406b58455d4e73546cd978e Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 21 Jun 2023 19:17:29 +0100 Subject: [PATCH 020/175] Use pihole-FTL prestart script from core repo to avoid code duplication. Change the order of startup objects a little. look at starting crond on startup Signed-off-by: Adam Warner --- src/Dockerfile | 16 +++++++++++++--- src/start.sh | 40 +++++----------------------------------- 2 files changed, 18 insertions(+), 38 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index 00244fb..3f007ce 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -44,7 +44,8 @@ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then FTLARCH=amd64; \ elif [ "$TARGETPLATFORM" = "linux/arm64/v8" ]; then FTLARCH=armv64; \ elif [ "$TARGETPLATFORM" = "linux/riscv64" ]; then FTLARCH=riscv64; \ else FTLARCH=amd64; fi \ - && curl -sSL "https://ftl.pi-hole.net/development-v6/pihole-FTL-${FTLARCH}" -o /usr/bin/pihole-FTL + && curl -sSL "https://ftl.pi-hole.net/development-v6/pihole-FTL-${FTLARCH}" -o /usr/bin/pihole-FTL && \ + chmod +x /usr/bin/pihole-FTL ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db @@ -56,7 +57,16 @@ RUN cd /etc/.pihole && \ install -Dm755 -t /opt/pihole ./automated\ install/uninstall.sh && \ install -Dm755 -t /opt/pihole ./advanced/Scripts/COL_TABLE && \ install -Dm755 -t /usr/local/bin pihole && \ - install -Dm644 ./advanced/bash-completion/pihole /etc/bash_completion.d/pihole + install -Dm644 ./advanced/bash-completion/pihole /etc/bash_completion.d/pihole && \ + install -Dm644 ./advanced/Templates/pihole.cron /var/spool/cron/crontabs/pihole && \ + # Randomize gravity update time + sed -i "s/59 1 /$((1 + RANDOM % 58)) $((3 + RANDOM % 2))/" /var/spool/cron/crontabs/pihole && \ + # Randomize update checker time + sed -i "s/59 17/$((1 + RANDOM % 58)) $((12 + RANDOM % 8))/" /var/spool/cron/crontabs/pihole && \ + # Grab some useful bits from FTL's service scripts + install -T -m 0755 ./advanced/Templates/pihole-FTL-prestart.sh /opt/pihole/pihole-FTL-prestart.sh && \ + install -T -m 0755 ./advanced/Templates/pihole-FTL-poststop.sh /opt/pihole/pihole-FTL-poststop.sh + ENV DNSMASQ_USER=pihole @@ -68,7 +78,7 @@ ADD bash_functions.sh /usr/bin/bash_functions.sh ADD start.sh /usr/bin/start.sh RUN chmod +x /usr/bin/start.sh -RUN chmod +x /usr/bin/pihole-FTL + HEALTHCHECK CMD dig +short +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1 diff --git a/src/start.sh b/src/start.sh index 75150f7..e1cbc2f 100644 --- a/src/start.sh +++ b/src/start.sh @@ -56,12 +56,6 @@ echo " [i] pihole-FTL ($FTL_CMD) will be started as ${DNSMASQ_USER}" echo "" - - - - -#!/usr/bin/env bash - if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then set -x ; fi @@ -70,39 +64,15 @@ fi rm -f /dev/shm/FTL-* 2> /dev/null rm -f /run/pihole/FTL.sock -# install /dev/null files to ensure they exist (create if non-existing, preserve if existing) -mkdir -pm 0755 /run/pihole /var/log/pihole -[[ ! -f /run/pihole-FTL.pid ]] && install /dev/null /run/pihole-FTL.pid -[[ ! -f /var/log/pihole/FTL.log ]] && install /dev/null /var/log/pihole/FTL.log -[[ ! -f /var/log/pihole/pihole.log ]] && install /dev/null /var/log/pihole/pihole.log -[[ ! -f /etc/pihole/dhcp.leases ]] && install /dev/null /etc/pihole/dhcp.leases +# Start FTL. TODO: We need to either mock the service file or update the pihole script in the main repo to restart FTL if no init system is present +sh /opt/pihole/pihole-FTL-prestart.sh +capsh --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null" & -# Ensure that permissions are set so that pihole-FTL can edit all necessary files -chown pihole:pihole /run/pihole-FTL.pid /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole -chmod 0644 /run/pihole-FTL.pid /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases # /etc/pihole/pihole.toml - -# Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist -chmod -f 0644 /etc/pihole/macvendor.db || true -# Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist -chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db || true -# Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist -chmod -f 0664 /etc/pihole/pihole-FTL.db || true - -# Backward compatibility for user-scripts that still expect log files in /var/log instead of /var/log/pihole/ -# Should be removed with Pi-hole v6.0 -if [ ! -f /var/log/pihole.log ]; then - ln -s /var/log/pihole/pihole.log /var/log/pihole.log - chown -h pihole:pihole /var/log/pihole.log - -fi -if [ ! -f /var/log/pihole-FTL.log ]; then - ln -s /var/log/pihole/FTL.log /var/log/pihole-FTL.log - chown -h pihole:pihole /var/log/pihole-FTL.log -fi +# Start crond for scheduled scripts (logrotate, pihole flush, gravity update etc) +crond pihole -g -capsh --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null" & tail -f /var/log/pihole-FTL.log # Notes on above: From a5c8e6d873eb4c822ba1109a83e380d3a0caff8c Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Thu, 29 Jun 2023 17:24:56 +0100 Subject: [PATCH 021/175] Run pihole update checked on container start Signed-off-by: Adam Warner --- src/start.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/start.sh b/src/start.sh index e1cbc2f..1772d6a 100644 --- a/src/start.sh +++ b/src/start.sh @@ -73,6 +73,8 @@ crond pihole -g +pihole updatechecker + tail -f /var/log/pihole-FTL.log # Notes on above: From 1a09d394448319e0c179dd97b4c6b74918e10162 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Thu, 29 Jun 2023 17:25:08 +0100 Subject: [PATCH 022/175] chown the macvendor that we copied to root Signed-off-by: Adam Warner --- src/bash_functions.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/bash_functions.sh b/src/bash_functions.sh index c58f91a..79d0100 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -58,11 +58,12 @@ ensure_basic_configuration() { # set -e - # # If FTLCONF_files_macvendor is not set - # if [[ -z "${FTLCONF_files_macvendor:-}" ]]; then - # # User is not passing in a custom location - so force FTL to use the file we moved to / during the build - # setFTLConfigValue "files.macvendor" "/macvendor.db" - # fi + # If FTLCONF_files_macvendor is not set + if [[ -z "${FTLCONF_files_macvendor:-}" ]]; then + # User is not passing in a custom location - so force FTL to use the file we moved to / during the build + setFTLConfigValue "files.macvendor" "/macvendor.db" + chown pihole:pihole /macvendor.db + fi } From 194fe3121f26d4191eec21f26a1f86cda8893323 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 3 Jul 2023 19:06:55 +0100 Subject: [PATCH 023/175] Add nano and less to the image Signed-off-by: Adam Warner --- src/Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/Dockerfile b/src/Dockerfile index 3f007ce..c506308 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -29,7 +29,9 @@ RUN apk add --no-cache git \ dhcpcd \ openrc \ ncurses \ - newt + newt \ + nano \ + less # download a the main repos from github RUN git clone --branch development-v6 https://github.com/pi-hole/AdminLTE.git /var/www/html/admin From 0f15d7b3ac2bfc14e2d3208725815f859aa7970c Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 3 Jul 2023 19:15:27 +0100 Subject: [PATCH 024/175] Remove duplicate APKs Signed-off-by: Adam Warner --- src/Dockerfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index c506308..a721aa6 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -6,7 +6,6 @@ ARG TARGETPLATFORM # download a repo from github # TODO - probably remove a lot of these RUN apk add --no-cache git \ - libcap \ bash \ curl \ bind-tools \ @@ -22,14 +21,12 @@ RUN apk add --no-cache git \ iproute2-ss \ jq \ coreutils \ - ncurses \ dialog \ newt \ procps \ dhcpcd \ openrc \ ncurses \ - newt \ nano \ less From 38bd86202bbe1a1eeb5c15c75c116568fed08754 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 3 Jul 2023 19:15:36 +0100 Subject: [PATCH 025/175] Clarify output of action Signed-off-by: Adam Warner --- .github/workflows/v6-alpine-play.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/v6-alpine-play.yml b/.github/workflows/v6-alpine-play.yml index b122392..160a348 100644 --- a/.github/workflows/v6-alpine-play.yml +++ b/.github/workflows/v6-alpine-play.yml @@ -144,7 +144,7 @@ jobs: tags: | v6-alpine-play - - name: Create manifest list and push + - name: Create manifest list and push (Docker Hub) working-directory: /tmp/digests/dockerhub run: | docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ @@ -154,7 +154,7 @@ jobs: run: | docker buildx imagetools inspect ${{ env.DOCKER_REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} - - name: Create manifest list and push + - name: Create manifest list and push (Github Container Registry) working-directory: /tmp/digests/ghcr run: | docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ From 67fc0a4a989459400b01d554944170bb0852338d Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 3 Jul 2023 20:23:45 +0100 Subject: [PATCH 026/175] Tidy up action a little, add in missing GHCR meta Signed-off-by: Adam Warner --- .github/workflows/v6-alpine-play.yml | 42 ++++++++-------------------- 1 file changed, 11 insertions(+), 31 deletions(-) diff --git a/.github/workflows/v6-alpine-play.yml b/.github/workflows/v6-alpine-play.yml index 160a348..e66ddb2 100644 --- a/.github/workflows/v6-alpine-play.yml +++ b/.github/workflows/v6-alpine-play.yml @@ -21,10 +21,6 @@ jobs: container: alpine:3.18 - platform: linux/386 container: alpine:3.18 - # - platform: linux/arm/v5 - # container: debian:stretch-slim - # - platform: linux/arm/v6 - # container: debian:bullseye-slim - platform: linux/arm/v6 container: alpine:3.18 - platform: linux/arm/v7 @@ -38,6 +34,7 @@ jobs: uses: actions/checkout@v3 with: ref: v6-alpine-play + - name: Docker meta (Docker Hub and GitHub Container Registry) id: meta uses: docker/metadata-action@v4 @@ -50,6 +47,7 @@ jobs: latest=false tags: | v6-alpine-play + - name: Login to DockerHub and GitHub Container Registry uses: ./.github/actions/login-repo with: @@ -57,6 +55,7 @@ jobs: docker_password: ${{ secrets.DOCKERHUB_PASS }} ghcr_username: ${{ github.repository_owner }} ghcr_password: ${{ secrets.GITHUB_TOKEN }} + - # Add support for more platforms with QEMU (optional) # https://github.com/docker/setup-qemu-action name: Set up QEMU @@ -65,6 +64,7 @@ jobs: platforms: all - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 + - name: Build container and push by digest (Docker Hub) id: build_docker uses: docker/build-push-action@v3 @@ -78,6 +78,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} outputs: | type=image,name=${{ env.DOCKER_REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true + - name: Build container and push by digest (GitHub Container Registry) id: build_ghcr uses: docker/build-push-action@v3 @@ -91,6 +92,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} outputs: | type=image,name=${{ env.GITHUB_REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true + - name: Export digests run: | mkdir -p /tmp/digests/dockerhub/${{ env.context }} @@ -99,6 +101,7 @@ jobs: touch "/tmp/digests/dockerhub/${{ env.context }}/${digest_docker#sha256:}" digest_ghcr="${{ steps.build_ghcr.outputs.digest }}" touch "/tmp/digests/ghcr/${{ env.context }}/${digest_ghcr#sha256:}" + - name: Upload digest uses: actions/upload-artifact@v3 with: @@ -117,13 +120,16 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v3 + - name: Download digests uses: actions/download-artifact@v3 with: name: digests path: /tmp/digests + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 + - name: Login to DockerHub and GitHub Container Registry uses: ./.github/actions/login-repo with: @@ -139,6 +145,7 @@ jobs: github-token: ${{ secrets.GITHUB_TOKEN }} images: | ${{ env.DOCKER_REGISTRY_IMAGE }} + ${{ env.GITHUB_REGISTRY_IMAGE }} flavor: | latest=false tags: | @@ -163,30 +170,3 @@ jobs: - name: Inspect image run: | docker buildx imagetools inspect ${{ env.GITHUB_REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} - - # Push the digests to Docker Hub and GitHub Container Registry - - # - - # name: Collect and push (Alpine, Docker Hub) - # uses: ./.github/actions/merge-and-push - # with: - # imagename: ${{ env.DOCKER_REGISTRY_IMAGE }} - # platform: alpine - # # - - # # name: Collect and push (Debian, Docker Hub) - # # uses: ./.github/actions/merge-and-push - # # with: - # # imagename: ${{ env.DOCKER_REGISTRY_IMAGE }} - # # platform: debian - # - - # name: Collect and push (Alpine, GitHub Container Registry) - # uses: ./.github/actions/merge-and-push - # with: - # imagename: ${{ env.GITHUB_REGISTRY_IMAGE }} - # platform: alpine - # - - # name: Collect and push (Debian, GitHub Container Registry) - # uses: ./.github/actions/merge-and-push - # with: - # imagename: ${{ env.GITHUB_REGISTRY_IMAGE }} - # platform: debian From 56e2db6cffdd31e8974f7bdc340460bf854eced2 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 3 Jul 2023 20:30:10 +0100 Subject: [PATCH 027/175] Too many actions with the same name.. Signed-off-by: Adam Warner --- .github/workflows/v6-alpine-play.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/v6-alpine-play.yml b/.github/workflows/v6-alpine-play.yml index e66ddb2..56185e1 100644 --- a/.github/workflows/v6-alpine-play.yml +++ b/.github/workflows/v6-alpine-play.yml @@ -1,4 +1,4 @@ -name: Build & Publish +name: Build and Publish (Alpine) on: schedule: - cron: "0 5 * * *" From cc3789df212436bd9c90c4c4299ad7ad9bf08de8 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 3 Jul 2023 20:55:14 +0100 Subject: [PATCH 028/175] Attempt to reduce code reuse in action Signed-off-by: Adam Warner --- .github/workflows/v6-alpine-play.yml | 84 +++++++++------------------- .vscode/settings.json | 5 ++ src/Dockerfile | 4 +- 3 files changed, 34 insertions(+), 59 deletions(-) create mode 100644 .vscode/settings.json diff --git a/.github/workflows/v6-alpine-play.yml b/.github/workflows/v6-alpine-play.yml index 56185e1..38e0767 100644 --- a/.github/workflows/v6-alpine-play.yml +++ b/.github/workflows/v6-alpine-play.yml @@ -7,8 +7,8 @@ on: - v6-alpine-play env: - DOCKER_REGISTRY_IMAGE: ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole - GITHUB_REGISTRY_IMAGE: ghcr.io/${{ github.repository_owner }}/pihole + dockerhub: ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole + ghcr: ghcr.io/${{ github.repository_owner }}/pihole jobs: build-and-test: @@ -16,19 +16,16 @@ jobs: strategy: fail-fast: false matrix: + registry: [dockerhub, ghcr] + platform: [linux/amd64, linux/386, linux/arm/v6, linux/arm/v7, linux/arm64/v8] + container: [3.18] include: - - platform: linux/amd64 - container: alpine:3.18 - - platform: linux/386 - container: alpine:3.18 - - platform: linux/arm/v6 - container: alpine:3.18 - - platform: linux/arm/v7 - container: alpine:3.18 - - platform: linux/arm64/v8 - container: alpine:3.18 - - platform: linux/riscv64 - container: alpine:edge + - registry: dockerhub + platform: linux/riscv64 + container: edge + - registry: ghcr + platform: linux/riscv64 + container: edge steps: - name: Checkout Repo uses: actions/checkout@v3 @@ -41,8 +38,7 @@ jobs: with: github-token: ${{ secrets.GITHUB_TOKEN }} images: | - ${{ env.DOCKER_REGISTRY_IMAGE }} - ${{ env.GITHUB_REGISTRY_IMAGE }} + ${{ env[matrix.registry] }} flavor: | latest=false tags: | @@ -56,17 +52,15 @@ jobs: ghcr_username: ${{ github.repository_owner }} ghcr_password: ${{ secrets.GITHUB_TOKEN }} - - # Add support for more platforms with QEMU (optional) - # https://github.com/docker/setup-qemu-action - name: Set up QEMU + - name: Set up QEMU uses: docker/setup-qemu-action@v2 with: platforms: all - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - - name: Build container and push by digest (Docker Hub) - id: build_docker + - name: Build container and push by digest (${{ matrix.registry }}) + id: build uses: docker/build-push-action@v3 with: context: ./src/ @@ -77,30 +71,13 @@ jobs: push: true labels: ${{ steps.meta.outputs.labels }} outputs: | - type=image,name=${{ env.DOCKER_REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true - - - name: Build container and push by digest (GitHub Container Registry) - id: build_ghcr - uses: docker/build-push-action@v3 - with: - context: ./src/ - platforms: ${{ matrix.platform }} - build-args: | - PIHOLE_DOCKER_TAG=${{ steps.meta.outputs.version }} - CONTAINER=${{ matrix.container }} - push: true - labels: ${{ steps.meta.outputs.labels }} - outputs: | - type=image,name=${{ env.GITHUB_REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true + type=image,name=${{ env[matrix.registry] }},push-by-digest=true,name-canonical=true,push=true - name: Export digests run: | - mkdir -p /tmp/digests/dockerhub/${{ env.context }} - mkdir -p /tmp/digests/ghcr/${{ env.context }} - digest_docker="${{ steps.build_docker.outputs.digest }}" - touch "/tmp/digests/dockerhub/${{ env.context }}/${digest_docker#sha256:}" - digest_ghcr="${{ steps.build_ghcr.outputs.digest }}" - touch "/tmp/digests/ghcr/${{ env.context }}/${digest_ghcr#sha256:}" + mkdir -p /tmp/digests/${{ matrix.registry }} + digest_docker="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${{ matrix.registry }}/${digest_docker#sha256:}" - name: Upload digest uses: actions/upload-artifact@v3 @@ -114,6 +91,10 @@ jobs: # If we would push immediately above, the individual runners would overwrite each other's images # https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners merge-and-deploy: + strategy: + fail-fast: false + matrix: + registry: [dockerhub, ghcr] runs-on: ubuntu-latest needs: - build-and-test @@ -144,29 +125,18 @@ jobs: with: github-token: ${{ secrets.GITHUB_TOKEN }} images: | - ${{ env.DOCKER_REGISTRY_IMAGE }} - ${{ env.GITHUB_REGISTRY_IMAGE }} + ${{ env[matrix.registry] }} flavor: | latest=false tags: | v6-alpine-play - name: Create manifest list and push (Docker Hub) - working-directory: /tmp/digests/dockerhub + working-directory: /tmp/digests/${{ matrix.registry }} run: | docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env.DOCKER_REGISTRY_IMAGE }}@sha256:%s ' *) + $(printf '${{ env[matrix.registry] }}@sha256:%s ' *) - name: Inspect image run: | - docker buildx imagetools inspect ${{ env.DOCKER_REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} - - - name: Create manifest list and push (Github Container Registry) - working-directory: /tmp/digests/ghcr - run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env.GITHUB_REGISTRY_IMAGE }}@sha256:%s ' *) - - - name: Inspect image - run: | - docker buildx imagetools inspect ${{ env.GITHUB_REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} + docker buildx imagetools inspect ${{ env[matrix.registry] }}:${{ steps.meta.outputs.version }} diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..de794da --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,5 @@ +{ + "github-actions.workflows.pinned.workflows": [ + ".github/workflows/v6-alpine-play.yml" + ] +} \ No newline at end of file diff --git a/src/Dockerfile b/src/Dockerfile index a721aa6..ac2c9e4 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -1,5 +1,5 @@ -ARG CONTAINER="alpine:edge" -FROM ${CONTAINER} +ARG CONTAINER="3.18" +FROM alpine:${CONTAINER} # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope ARG TARGETPLATFORM From d415bffcb7d67dcf189afc2cc03c745e37885252 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 3 Jul 2023 22:54:49 +0100 Subject: [PATCH 029/175] Create our own cron file rather than copying the one from the core repo (which contains non-standard cron syntax) Signed-off-by: Adam Warner --- src/Dockerfile | 8 +------- src/crontab.txt | 3 +++ src/start.sh | 10 +++++++++- 3 files changed, 13 insertions(+), 8 deletions(-) create mode 100644 src/crontab.txt diff --git a/src/Dockerfile b/src/Dockerfile index ac2c9e4..9bdc342 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -48,6 +48,7 @@ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then FTLARCH=amd64; \ ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db +ADD crontab.txt /crontab.txt RUN cd /etc/.pihole && \ install -Dm755 -d /opt/pihole && \ @@ -57,17 +58,10 @@ RUN cd /etc/.pihole && \ install -Dm755 -t /opt/pihole ./advanced/Scripts/COL_TABLE && \ install -Dm755 -t /usr/local/bin pihole && \ install -Dm644 ./advanced/bash-completion/pihole /etc/bash_completion.d/pihole && \ - install -Dm644 ./advanced/Templates/pihole.cron /var/spool/cron/crontabs/pihole && \ - # Randomize gravity update time - sed -i "s/59 1 /$((1 + RANDOM % 58)) $((3 + RANDOM % 2))/" /var/spool/cron/crontabs/pihole && \ - # Randomize update checker time - sed -i "s/59 17/$((1 + RANDOM % 58)) $((12 + RANDOM % 8))/" /var/spool/cron/crontabs/pihole && \ - # Grab some useful bits from FTL's service scripts install -T -m 0755 ./advanced/Templates/pihole-FTL-prestart.sh /opt/pihole/pihole-FTL-prestart.sh && \ install -T -m 0755 ./advanced/Templates/pihole-FTL-poststop.sh /opt/pihole/pihole-FTL-poststop.sh - ENV DNSMASQ_USER=pihole ENV FTL_CMD=no-daemon RUN addgroup -S pihole && adduser -S pihole -G pihole diff --git a/src/crontab.txt b/src/crontab.txt new file mode 100644 index 0000000..5d7453a --- /dev/null +++ b/src/crontab.txt @@ -0,0 +1,3 @@ +59 1 * * 6 PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updateGravity >/var/log/pihole/pihole_updateGravity.log || cat /var/log/pihole/pihole_updateGravity.log +00 00 * * * PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole flush once quiet +59 17 * * * PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker diff --git a/src/start.sh b/src/start.sh index 1772d6a..0f92afa 100644 --- a/src/start.sh +++ b/src/start.sh @@ -69,7 +69,15 @@ sh /opt/pihole/pihole-FTL-prestart.sh capsh --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null" & # Start crond for scheduled scripts (logrotate, pihole flush, gravity update etc) -crond +# crond + +# Randomize gravity update time +sed -i "s/59 1 /$((1 + RANDOM % 58)) $((3 + RANDOM % 2))/" /crontab.txt +# Randomize update checker time +sed -i "s/59 17/$((1 + RANDOM % 58)) $((12 + RANDOM % 8))/" /crontab.txt +/usr/bin/crontab /crontab.txt + +/usr/sbin/crond pihole -g From c89d5d128608920c1b0532d19cb9b1deeae8b660 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 9 Jul 2023 17:02:38 +0100 Subject: [PATCH 030/175] Minor formatting tweaks Signed-off-by: Adam Warner --- src/Dockerfile | 58 +++++++++++++++++++++---------------------- src/bash_functions.sh | 6 ++--- 2 files changed, 31 insertions(+), 33 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index 9bdc342..2febc7e 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -6,29 +6,29 @@ ARG TARGETPLATFORM # download a repo from github # TODO - probably remove a lot of these RUN apk add --no-cache git \ - bash \ - curl \ - bind-tools \ - nmap-ncat \ - psmisc \ - sudo \ - unzip \ - wget \ - libidn \ - nettle \ - libcap \ - openresolv \ - iproute2-ss \ - jq \ - coreutils \ - dialog \ - newt \ - procps \ - dhcpcd \ - openrc \ - ncurses \ - nano \ - less + bash \ + curl \ + bind-tools \ + nmap-ncat \ + psmisc \ + sudo \ + unzip \ + wget \ + libidn \ + nettle \ + libcap \ + openresolv \ + iproute2-ss \ + jq \ + coreutils \ + dialog \ + newt \ + procps \ + dhcpcd \ + openrc \ + ncurses \ + nano \ + less # download a the main repos from github RUN git clone --branch development-v6 https://github.com/pi-hole/AdminLTE.git /var/www/html/admin @@ -36,12 +36,12 @@ RUN git clone --branch development-v6 https://github.com/pi-hole/pi-hole.git /et # Download the latest version of pihole-FTL for alpine: # Probably need this to be built for different FTLARCHs -RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then FTLARCH=amd64; \ - elif [ "$TARGETPLATFORM" = "linux/386" ]; then FTLARCH=386; \ - elif [ "$TARGETPLATFORM" = "linux/arm/v6" ]; then FTLARCH=armv6; \ - elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then FTLARCH=armv7; \ +RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then FTLARCH=amd64; \ + elif [ "$TARGETPLATFORM" = "linux/386" ]; then FTLARCH=386; \ + elif [ "$TARGETPLATFORM" = "linux/arm/v6" ]; then FTLARCH=armv6; \ + elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then FTLARCH=armv7; \ elif [ "$TARGETPLATFORM" = "linux/arm64/v8" ]; then FTLARCH=armv64; \ - elif [ "$TARGETPLATFORM" = "linux/riscv64" ]; then FTLARCH=riscv64; \ + elif [ "$TARGETPLATFORM" = "linux/riscv64" ]; then FTLARCH=riscv64; \ else FTLARCH=amd64; fi \ && curl -sSL "https://ftl.pi-hole.net/development-v6/pihole-FTL-${FTLARCH}" -o /usr/bin/pihole-FTL && \ chmod +x /usr/bin/pihole-FTL @@ -72,8 +72,6 @@ ADD start.sh /usr/bin/start.sh RUN chmod +x /usr/bin/start.sh - - HEALTHCHECK CMD dig +short +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1 ENTRYPOINT [ "start.sh" ] diff --git a/src/bash_functions.sh b/src/bash_functions.sh index 79d0100..89a47a9 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -16,7 +16,7 @@ # Example getFTLConfigValue dns.piholePTR ####################### getFTLConfigValue(){ - pihole-FTL --config -q "${1}" + pihole-FTL --config -q "${1}" } ####################### @@ -124,7 +124,7 @@ apply_FTL_Configs_From_Env(){ # Special handing for the value if the name is dns.upstreams if [ "$name" == "dns.upstreams" ]; then - value="[\"${value//;/\",\"}\"]" + value='["'${value//;/\",\"}'"]' fi if [ "$name" == "webserver.api.password" ]; then @@ -133,7 +133,7 @@ apply_FTL_Configs_From_Env(){ masked_value=$value fi - if $(sudo -u pihole pihole-FTL --config "${name}" "${value}" > /ftlconfoutput); then + if pihole-FTL --config "${name}" "${value}" > /ftlconfoutput; then echo " ${TICK} Applied pihole-FTL setting $name=$masked_value" else echo " ${CROSS} Error Applying pihole-FTL setting $name=$masked_value" From 5435c9d6c126af58f800f86734a51e2d8090c52c Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 9 Jul 2023 17:09:32 +0100 Subject: [PATCH 031/175] Start FTL after running gravity completely. Else we end up in a situation where the database getss stuck in readonly Signed-off-by: Adam Warner --- src/start.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/start.sh b/src/start.sh index 0f92afa..3eee79b 100644 --- a/src/start.sh +++ b/src/start.sh @@ -64,9 +64,7 @@ fi rm -f /dev/shm/FTL-* 2> /dev/null rm -f /run/pihole/FTL.sock -# Start FTL. TODO: We need to either mock the service file or update the pihole script in the main repo to restart FTL if no init system is present -sh /opt/pihole/pihole-FTL-prestart.sh -capsh --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null" & + # Start crond for scheduled scripts (logrotate, pihole flush, gravity update etc) # crond @@ -83,6 +81,10 @@ pihole -g pihole updatechecker +# Start FTL. TODO: We need to either mock the service file or update the pihole script in the main repo to restart FTL if no init system is present +sh /opt/pihole/pihole-FTL-prestart.sh +capsh --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null" & + tail -f /var/log/pihole-FTL.log # Notes on above: From b44c052b9b900ca72e05519d96ab5cfe96662383 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 10 Jul 2023 23:23:25 +0100 Subject: [PATCH 032/175] Target `development-v6` instead of `v6-alpine-play` Signed-off-by: Adam Warner --- .../workflows/{v6-alpine-play.yml => development-v6.yml} | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) rename .github/workflows/{v6-alpine-play.yml => development-v6.yml} (96%) diff --git a/.github/workflows/v6-alpine-play.yml b/.github/workflows/development-v6.yml similarity index 96% rename from .github/workflows/v6-alpine-play.yml rename to .github/workflows/development-v6.yml index 38e0767..337dfa8 100644 --- a/.github/workflows/v6-alpine-play.yml +++ b/.github/workflows/development-v6.yml @@ -1,10 +1,10 @@ -name: Build and Publish (Alpine) +name: Build and Publish (development-v6) on: schedule: - cron: "0 5 * * *" push: branches: - - v6-alpine-play + - development-v6 env: dockerhub: ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole @@ -91,6 +91,7 @@ jobs: # If we would push immediately above, the individual runners would overwrite each other's images # https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners merge-and-deploy: + if: github.event_name != 'pull_request' strategy: fail-fast: false matrix: @@ -131,7 +132,7 @@ jobs: tags: | v6-alpine-play - - name: Create manifest list and push (Docker Hub) + - name: Create manifest list and push (${{ matrix.registry }}) working-directory: /tmp/digests/${{ matrix.registry }} run: | docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ From ef03be0d36f33bcf078bb6a311ad780769817b15 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 10 Jul 2023 23:32:10 +0100 Subject: [PATCH 033/175] Helps if we replace _all_ references Signed-off-by: Adam Warner --- .github/workflows/development-v6.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/development-v6.yml b/.github/workflows/development-v6.yml index 337dfa8..41941fe 100644 --- a/.github/workflows/development-v6.yml +++ b/.github/workflows/development-v6.yml @@ -30,7 +30,7 @@ jobs: - name: Checkout Repo uses: actions/checkout@v3 with: - ref: v6-alpine-play + ref: development-v6 - name: Docker meta (Docker Hub and GitHub Container Registry) id: meta @@ -42,7 +42,7 @@ jobs: flavor: | latest=false tags: | - v6-alpine-play + development-v6 - name: Login to DockerHub and GitHub Container Registry uses: ./.github/actions/login-repo @@ -130,7 +130,7 @@ jobs: flavor: | latest=false tags: | - v6-alpine-play + development-v6 - name: Create manifest list and push (${{ matrix.registry }}) working-directory: /tmp/digests/${{ matrix.registry }} From d3c343a01f92fe6b6e77c99a28b609b3a8f81432 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 10 Jul 2023 23:48:18 +0100 Subject: [PATCH 034/175] Remove the old build process Signed-off-by: Adam Warner --- .github/workflows/test-and-build.yaml | 84 ------------------- ...{development-v6.yml => test-and-build.yml} | 1 + 2 files changed, 1 insertion(+), 84 deletions(-) delete mode 100644 .github/workflows/test-and-build.yaml rename .github/workflows/{development-v6.yml => test-and-build.yml} (99%) diff --git a/.github/workflows/test-and-build.yaml b/.github/workflows/test-and-build.yaml deleted file mode 100644 index f9c99bd..0000000 --- a/.github/workflows/test-and-build.yaml +++ /dev/null @@ -1,84 +0,0 @@ -name: Test & Build -on: - schedule: - - cron: '0 2 * * *' - push: - branches: - - dev - pull_request: - release: - types: [published] - -jobs: - test: - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v3 - - name: Run Tests - run: | - echo "Building image to test" - ./build-and-test.sh - - build-and-publish: - if: github.event_name != 'pull_request' - # If only readme has been touched, for example, then the `test` job will have been skipped. This job will therefore be skipped, too. - needs: test - runs-on: ubuntu-latest - steps: - - - name: Checkout - if: github.event_name != 'schedule' - uses: actions/checkout@v3 - - - name: Checkout dev branch if we are building nightly - if: github.event_name == 'schedule' - uses: actions/checkout@v3 - with: - ref: dev - - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v4 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - images: | - ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole - ghcr.io/${{ github.repository_owner }}/pihole - flavor: | - latest=${{ startsWith(github.ref, 'refs/tags/') }} - tags: | - type=schedule - type=ref,event=branch,enable=${{ github.event_name != 'schedule' }} - type=ref,event=tag - - - name: Login to DockerHub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PASS }} - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push - uses: docker/build-push-action@v4 - with: - context: ./src/ - platforms: linux/amd64, linux/arm64, linux/386, linux/arm/v7, linux/arm/v6 - build-args: | - PIHOLE_DOCKER_TAG=${{ steps.meta.outputs.version }} - push: true - provenance: false - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/development-v6.yml b/.github/workflows/test-and-build.yml similarity index 99% rename from .github/workflows/development-v6.yml rename to .github/workflows/test-and-build.yml index 41941fe..51acf60 100644 --- a/.github/workflows/development-v6.yml +++ b/.github/workflows/test-and-build.yml @@ -5,6 +5,7 @@ on: push: branches: - development-v6 + pull_request: env: dockerhub: ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole From 5d33fdadd343513b5b5199d55cd8e9f079270853 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 11 Jul 2023 19:15:24 +0100 Subject: [PATCH 035/175] reimplement allowing user to skip gravity on boot with the environment variable SKIPGRAVITYONBOOT (as with v5) Signed-off-by: Adam Warner --- src/start.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/start.sh b/src/start.sh index 3eee79b..ff03266 100644 --- a/src/start.sh +++ b/src/start.sh @@ -77,7 +77,17 @@ sed -i "s/59 17/$((1 + RANDOM % 58)) $((12 + RANDOM % 8))/" /crontab.txt /usr/sbin/crond -pihole -g +gravityDBfile=$(getFTLConfigValue files.gravity) + +if [ -z "$SKIPGRAVITYONBOOT" ] || [ ! -f "${gravityDBfile}" ]; then + if [ -n "$SKIPGRAVITYONBOOT" ];then + echo " SKIPGRAVITYONBOOT is set, however ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate." + echo " Ignoring SKIPGRAVITYONBOOT on this occaision." + fi + pihole -g +else + echo " Skipping Gravity Database Update." +fi pihole updatechecker From 11b6b8bd3461b4f8881ef0a8c3e0d8b95861e052 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 10 Jul 2023 23:40:37 +0100 Subject: [PATCH 036/175] Remove some dependencies, move nano & less to the start script and only intall if env var `INSTALL_DEV_TOOLS` > 0 Signed-off-by: Adam Warner --- src/Dockerfile | 17 +++-------------- src/start.sh | 5 +++++ 2 files changed, 8 insertions(+), 14 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index 2febc7e..7364ad9 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -3,9 +3,8 @@ FROM alpine:${CONTAINER} # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope ARG TARGETPLATFORM -# download a repo from github -# TODO - probably remove a lot of these -RUN apk add --no-cache git \ +RUN apk add --no-cache \ + git \ bash \ curl \ bind-tools \ @@ -14,21 +13,11 @@ RUN apk add --no-cache git \ sudo \ unzip \ wget \ - libidn \ - nettle \ libcap \ - openresolv \ iproute2-ss \ jq \ coreutils \ - dialog \ - newt \ - procps \ - dhcpcd \ - openrc \ - ncurses \ - nano \ - less + procps # download a the main repos from github RUN git clone --branch development-v6 https://github.com/pi-hole/AdminLTE.git /var/www/html/admin diff --git a/src/start.sh b/src/start.sh index 3eee79b..5fe17c8 100644 --- a/src/start.sh +++ b/src/start.sh @@ -60,6 +60,11 @@ if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then set -x ; fi +# Install editors inside container if requested +if [ "${INSTALL_DEV_TOOLS:-0}" -gt 0 ] ; then + apk add --no-cache nano less +fi + # Remove possible leftovers from previous pihole-FTL processes rm -f /dev/shm/FTL-* 2> /dev/null rm -f /run/pihole/FTL.sock From f739dca3237b2e44a0d52201f8546df8c56ee3c0 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 12 Jul 2023 19:30:23 +0100 Subject: [PATCH 037/175] Don't log in or push on pull request Signed-off-by: Adam Warner --- .github/workflows/test-and-build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-and-build.yml b/.github/workflows/test-and-build.yml index 51acf60..fb75f9b 100644 --- a/.github/workflows/test-and-build.yml +++ b/.github/workflows/test-and-build.yml @@ -46,6 +46,7 @@ jobs: development-v6 - name: Login to DockerHub and GitHub Container Registry + if: github.event_name != 'pull_request' uses: ./.github/actions/login-repo with: docker_username: ${{ secrets.DOCKERHUB_USER }} @@ -72,7 +73,7 @@ jobs: push: true labels: ${{ steps.meta.outputs.labels }} outputs: | - type=image,name=${{ env[matrix.registry] }},push-by-digest=true,name-canonical=true,push=true + type=image,name=${{ env[matrix.registry] }},push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }} - name: Export digests run: | From e20f1a707a69481dfbe54cd0d5a4dc6ece5830c4 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 12 Jul 2023 19:47:37 +0100 Subject: [PATCH 038/175] and push-by-digest Signed-off-by: Adam Warner --- .github/workflows/test-and-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-and-build.yml b/.github/workflows/test-and-build.yml index fb75f9b..bb6c235 100644 --- a/.github/workflows/test-and-build.yml +++ b/.github/workflows/test-and-build.yml @@ -73,7 +73,7 @@ jobs: push: true labels: ${{ steps.meta.outputs.labels }} outputs: | - type=image,name=${{ env[matrix.registry] }},push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }} + type=image,name=${{ env[matrix.registry] }},push-by-digest=${{ github.event_name != 'pull_request' }},name-canonical=true,push=${{ github.event_name != 'pull_request' }} - name: Export digests run: | From da1d135eea5dd57f20d9cc67768a98bedacb9eca Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 12 Jul 2023 21:34:55 +0100 Subject: [PATCH 039/175] remove erroneous push Signed-off-by: Adam Warner --- .github/workflows/test-and-build.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test-and-build.yml b/.github/workflows/test-and-build.yml index bb6c235..4215dc8 100644 --- a/.github/workflows/test-and-build.yml +++ b/.github/workflows/test-and-build.yml @@ -70,7 +70,6 @@ jobs: build-args: | PIHOLE_DOCKER_TAG=${{ steps.meta.outputs.version }} CONTAINER=${{ matrix.container }} - push: true labels: ${{ steps.meta.outputs.labels }} outputs: | type=image,name=${{ env[matrix.registry] }},push-by-digest=${{ github.event_name != 'pull_request' }},name-canonical=true,push=${{ github.event_name != 'pull_request' }} From e3c9b90c6d4962a9e35b8483f7ebb1978477af7a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Jul 2023 20:35:45 +0000 Subject: [PATCH 040/175] Bump actions/stale from 7.0.0 to 8.0.0 Bumps [actions/stale](https://github.com/actions/stale) from 7.0.0 to 8.0.0. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/v7...v8.0.0) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/stale.yml | 2 +- .github/workflows/stale_pr.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 2ba90b4..6c50db4 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -13,7 +13,7 @@ jobs: issues: write steps: - - uses: actions/stale@v7 + - uses: actions/stale@v8.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} days-before-stale: 30 diff --git a/.github/workflows/stale_pr.yml b/.github/workflows/stale_pr.yml index 87c8758..c544359 100644 --- a/.github/workflows/stale_pr.yml +++ b/.github/workflows/stale_pr.yml @@ -17,7 +17,7 @@ jobs: pull-requests: write steps: - - uses: actions/stale@v7.0.0 + - uses: actions/stale@v8.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Do not automatically mark PR/issue as stale From 52f098c269b5abb9d448ec3e397a2c6c8116a27a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Jul 2023 20:48:11 +0000 Subject: [PATCH 041/175] Bump docker/build-push-action from 3 to 4 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3 to 4. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/test-and-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-and-build.yml b/.github/workflows/test-and-build.yml index 4215dc8..31ceb26 100644 --- a/.github/workflows/test-and-build.yml +++ b/.github/workflows/test-and-build.yml @@ -63,7 +63,7 @@ jobs: - name: Build container and push by digest (${{ matrix.registry }}) id: build - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v4 with: context: ./src/ platforms: ${{ matrix.platform }} From f15640505c6635e325869c58a16a9ea2311828d7 Mon Sep 17 00:00:00 2001 From: Gontier Julien Date: Sat, 15 Jul 2023 23:13:11 +0200 Subject: [PATCH 042/175] Remove one layer by having both git clone together Signed-off-by: Gontier Julien --- src/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index 2febc7e..f4ba5f8 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -31,8 +31,8 @@ RUN apk add --no-cache git \ less # download a the main repos from github -RUN git clone --branch development-v6 https://github.com/pi-hole/AdminLTE.git /var/www/html/admin -RUN git clone --branch development-v6 https://github.com/pi-hole/pi-hole.git /etc/.pihole +RUN git clone --branch development-v6 https://github.com/pi-hole/AdminLTE.git /var/www/html/admin &&\ + git clone --branch development-v6 https://github.com/pi-hole/pi-hole.git /etc/.pihole # Download the latest version of pihole-FTL for alpine: # Probably need this to be built for different FTLARCHs From 1a1e4cecb7ad2a36197d695b1ab523eea1a7e7b7 Mon Sep 17 00:00:00 2001 From: Gontier Julien Date: Sat, 15 Jul 2023 23:29:58 +0200 Subject: [PATCH 043/175] Change so ADD to COPY following best practices Signed-off-by: Gontier Julien --- src/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index 2febc7e..fc5d703 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -48,7 +48,7 @@ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then FTLARCH=amd64; \ ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db -ADD crontab.txt /crontab.txt +COPY crontab.txt /crontab.txt RUN cd /etc/.pihole && \ install -Dm755 -d /opt/pihole && \ @@ -67,8 +67,8 @@ ENV FTL_CMD=no-daemon RUN addgroup -S pihole && adduser -S pihole -G pihole # RUN groupadd pihole && useradd -r --no-user-group -g pihole -s /usr/sbin/nologin pihole -ADD bash_functions.sh /usr/bin/bash_functions.sh -ADD start.sh /usr/bin/start.sh +COPY bash_functions.sh /usr/bin/bash_functions.sh +COPY start.sh /usr/bin/start.sh RUN chmod +x /usr/bin/start.sh From 030e3753862cb2e1b9f1451626dd72b53587b9cd Mon Sep 17 00:00:00 2001 From: Snow <52894530+Gontier-Julien@users.noreply.github.com> Date: Sun, 16 Jul 2023 12:14:56 +0200 Subject: [PATCH 044/175] add a space between && and \ for readability Make it consistence with other multi-line commands. Co-authored-by: RD WebDesign Signed-off-by: Snow <52894530+Gontier-Julien@users.noreply.github.com> --- src/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Dockerfile b/src/Dockerfile index f4ba5f8..3c264d1 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -31,7 +31,7 @@ RUN apk add --no-cache git \ less # download a the main repos from github -RUN git clone --branch development-v6 https://github.com/pi-hole/AdminLTE.git /var/www/html/admin &&\ +RUN git clone --branch development-v6 https://github.com/pi-hole/AdminLTE.git /var/www/html/admin && \ git clone --branch development-v6 https://github.com/pi-hole/pi-hole.git /etc/.pihole # Download the latest version of pihole-FTL for alpine: From e4b5da2f6d12cd3e603c893036c12162baba9e40 Mon Sep 17 00:00:00 2001 From: Gontier Julien Date: Wed, 19 Jul 2023 20:44:52 +0200 Subject: [PATCH 045/175] Reduce git clone size by only cloning what is needed Signed-off-by: Gontier Julien --- src/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index a806db1..19a698f 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -20,8 +20,8 @@ RUN apk add --no-cache \ procps # download a the main repos from github -RUN git clone --branch development-v6 https://github.com/pi-hole/AdminLTE.git /var/www/html/admin && \ - git clone --branch development-v6 https://github.com/pi-hole/pi-hole.git /etc/.pihole +RUN git clone --depth 1 --single-branch --branch development-v6 https://github.com/pi-hole/AdminLTE.git /var/www/html/admin && \ + git clone --depth 1 --single-branch --branch development-v6 https://github.com/pi-hole/pi-hole.git /etc/.pihole # Download the latest version of pihole-FTL for alpine: # Probably need this to be built for different FTLARCHs From bf414721e054493991c9bfd648056af5e90182e6 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 17 Jul 2023 22:12:41 +0100 Subject: [PATCH 046/175] Allow branch names to be passed through as ARGs default `development-v6` (for now) Signed-off-by: Adam Warner --- src/Dockerfile | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index 19a698f..17ca5aa 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -19,9 +19,13 @@ RUN apk add --no-cache \ coreutils \ procps +ARG WEB_BRANCH="development-v6" +ARG CORE_BRANCH="development-v6" +ARG FTL_BRANCH="development-v6" + # download a the main repos from github -RUN git clone --depth 1 --single-branch --branch development-v6 https://github.com/pi-hole/AdminLTE.git /var/www/html/admin && \ - git clone --depth 1 --single-branch --branch development-v6 https://github.com/pi-hole/pi-hole.git /etc/.pihole +RUN git clone --depth 1 --single-branch --branch ${WEB_BRANCH} https://github.com/pi-hole/AdminLTE.git /var/www/html/admin && \ + git clone --depth 1 --single-branch --branch ${CORE_BRANCH} https://github.com/pi-hole/pi-hole.git /etc/.pihole # Download the latest version of pihole-FTL for alpine: # Probably need this to be built for different FTLARCHs @@ -32,7 +36,7 @@ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then FTLARCH=amd64; \ elif [ "$TARGETPLATFORM" = "linux/arm64/v8" ]; then FTLARCH=armv64; \ elif [ "$TARGETPLATFORM" = "linux/riscv64" ]; then FTLARCH=riscv64; \ else FTLARCH=amd64; fi \ - && curl -sSL "https://ftl.pi-hole.net/development-v6/pihole-FTL-${FTLARCH}" -o /usr/bin/pihole-FTL && \ + && curl -sSL "https://ftl.pi-hole.net/${FTL_BRANCH}/pihole-FTL-${FTLARCH}" -o /usr/bin/pihole-FTL && \ chmod +x /usr/bin/pihole-FTL From 8cc91c5ae5bc8b159e93a42bd5b41052d1f872ed Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Thu, 20 Jul 2023 19:20:32 +0100 Subject: [PATCH 047/175] Add `ncurses` back in for the time being to fix pihole -v output. It was removed in #1366. Signed-off-by: Adam Warner --- src/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Dockerfile b/src/Dockerfile index 19a698f..e9262b5 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -17,7 +17,8 @@ RUN apk add --no-cache \ iproute2-ss \ jq \ coreutils \ - procps + procps \ + ncurses # download a the main repos from github RUN git clone --depth 1 --single-branch --branch development-v6 https://github.com/pi-hole/AdminLTE.git /var/www/html/admin && \ From e352c6b2acf819f5ee0d755917e3b558f323c5ac Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 23 Jul 2023 18:45:06 +0100 Subject: [PATCH 048/175] re-add the PIHOLE_DOCKER_TAG build arg that went missing along the way Signed-off-by: Adam Warner --- src/Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/Dockerfile b/src/Dockerfile index 8347f9a..f8a119e 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -20,6 +20,9 @@ RUN apk add --no-cache \ procps \ ncurses +ARG PIHOLE_DOCKER_TAG="unknown" +RUN echo "${PIHOLE_DOCKER_TAG}" > /pihole.docker.tag + ARG WEB_BRANCH="development-v6" ARG CORE_BRANCH="development-v6" ARG FTL_BRANCH="development-v6" From 926b3ae8c6bf876532ea7685d1dea21eecac1755 Mon Sep 17 00:00:00 2001 From: edgd1er Date: Sun, 23 Jul 2023 19:45:25 +0200 Subject: [PATCH 049/175] fix arm64 arch. use copy --chmod --- src/Dockerfile | 56 ++++++++++++++++++++++++-------------------------- 1 file changed, 27 insertions(+), 29 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index f8a119e..d9e76ef 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -1,7 +1,15 @@ ARG CONTAINER="3.18" FROM alpine:${CONTAINER} # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope + ARG TARGETPLATFORM +ARG WEB_BRANCH="development-v6" +ARG CORE_BRANCH="development-v6" +ARG FTL_BRANCH="development-v6" + +ENV TZ=Europe/Paris +ENV DNSMASQ_USER=pihole +ENV FTL_CMD=no-daemon RUN apk add --no-cache \ git \ @@ -18,34 +26,30 @@ RUN apk add --no-cache \ jq \ coreutils \ procps \ - ncurses + ncurses \ + binutils ARG PIHOLE_DOCKER_TAG="unknown" RUN echo "${PIHOLE_DOCKER_TAG}" > /pihole.docker.tag - -ARG WEB_BRANCH="development-v6" -ARG CORE_BRANCH="development-v6" -ARG FTL_BRANCH="development-v6" +ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db +COPY crontab.txt /crontab.txt # download a the main repos from github -RUN git clone --depth 1 --single-branch --branch ${WEB_BRANCH} https://github.com/pi-hole/AdminLTE.git /var/www/html/admin && \ - git clone --depth 1 --single-branch --branch ${CORE_BRANCH} https://github.com/pi-hole/pi-hole.git /etc/.pihole - -# Download the latest version of pihole-FTL for alpine: -# Probably need this to be built for different FTLARCHs -RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then FTLARCH=amd64; \ +RUN git clone --depth 1 --single-branch --branch development-v6 https://github.com/pi-hole/AdminLTE.git /var/www/html/admin && \ + git clone --depth 1 --single-branch --branch development-v6 https://github.com/pi-hole/pi-hole.git /etc/.pihole ;\ + # Download the latest version of pihole-FTL for alpine: + # Probably need this to be built for different FTLARCHs + if [ "$TARGETPLATFORM" = "linux/amd64" ]; then FTLARCH=amd64; \ elif [ "$TARGETPLATFORM" = "linux/386" ]; then FTLARCH=386; \ elif [ "$TARGETPLATFORM" = "linux/arm/v6" ]; then FTLARCH=armv6; \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then FTLARCH=armv7; \ - elif [ "$TARGETPLATFORM" = "linux/arm64/v8" ]; then FTLARCH=armv64; \ + elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then FTLARCH=arm64; \ elif [ "$TARGETPLATFORM" = "linux/riscv64" ]; then FTLARCH=riscv64; \ else FTLARCH=amd64; fi \ - && curl -sSL "https://ftl.pi-hole.net/${FTL_BRANCH}/pihole-FTL-${FTLARCH}" -o /usr/bin/pihole-FTL && \ - chmod +x /usr/bin/pihole-FTL - - -ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db -COPY crontab.txt /crontab.txt + && echo "Arch: ${TARGETPLATFORM}, FTLARCH: ${FTLARCH}" \ + && curl -sSL "https://ftl.pi-hole.net/${FTL_BRANCH}/pihole-FTL-${FTLARCH}" -o /usr/bin/pihole-FTL \ + && chmod +x /usr/bin/pihole-FTL \ + && readelf -h /usr/bin/pihole-FTL || cat /usr/bin/pihole-FTL RUN cd /etc/.pihole && \ install -Dm755 -d /opt/pihole && \ @@ -56,18 +60,12 @@ RUN cd /etc/.pihole && \ install -Dm755 -t /usr/local/bin pihole && \ install -Dm644 ./advanced/bash-completion/pihole /etc/bash_completion.d/pihole && \ install -T -m 0755 ./advanced/Templates/pihole-FTL-prestart.sh /opt/pihole/pihole-FTL-prestart.sh && \ - install -T -m 0755 ./advanced/Templates/pihole-FTL-poststop.sh /opt/pihole/pihole-FTL-poststop.sh + install -T -m 0755 ./advanced/Templates/pihole-FTL-poststop.sh /opt/pihole/pihole-FTL-poststop.sh && \ + # RUN groupadd pihole && useradd -r --no-user-group -g pihole -s /usr/sbin/nologin pihole + addgroup -S pihole && adduser -S pihole -G pihole - -ENV DNSMASQ_USER=pihole -ENV FTL_CMD=no-daemon -RUN addgroup -S pihole && adduser -S pihole -G pihole -# RUN groupadd pihole && useradd -r --no-user-group -g pihole -s /usr/sbin/nologin pihole - -COPY bash_functions.sh /usr/bin/bash_functions.sh -COPY start.sh /usr/bin/start.sh - -RUN chmod +x /usr/bin/start.sh +COPY --chmod=0755 bash_functions.sh /usr/bin/bash_functions.sh +COPY --chmod=0755 start.sh /usr/bin/start.sh HEALTHCHECK CMD dig +short +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1 From 45bbb490d0277e99de4540dc802b0d43f171d348 Mon Sep 17 00:00:00 2001 From: edgd1er Date: Sun, 23 Jul 2023 21:36:42 +0200 Subject: [PATCH 050/175] Update src/Dockerfile Co-authored-by: RD WebDesign Signed-off-by: edgd1er --- src/Dockerfile | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index d9e76ef..1f37080 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -6,8 +6,8 @@ ARG TARGETPLATFORM ARG WEB_BRANCH="development-v6" ARG CORE_BRANCH="development-v6" ARG FTL_BRANCH="development-v6" +ARG PIHOLE_DOCKER_TAG="unknown" -ENV TZ=Europe/Paris ENV DNSMASQ_USER=pihole ENV FTL_CMD=no-daemon @@ -29,16 +29,13 @@ RUN apk add --no-cache \ ncurses \ binutils -ARG PIHOLE_DOCKER_TAG="unknown" -RUN echo "${PIHOLE_DOCKER_TAG}" > /pihole.docker.tag ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db COPY crontab.txt /crontab.txt # download a the main repos from github -RUN git clone --depth 1 --single-branch --branch development-v6 https://github.com/pi-hole/AdminLTE.git /var/www/html/admin && \ - git clone --depth 1 --single-branch --branch development-v6 https://github.com/pi-hole/pi-hole.git /etc/.pihole ;\ +RUN git clone --depth 1 --single-branch --branch ${WEB_BRANCH} https://github.com/pi-hole/AdminLTE.git /var/www/html/admin && \ + git clone --depth 1 --single-branch --branch ${CORE_BRANCH} https://github.com/pi-hole/pi-hole.git /etc/.pihole ;\ # Download the latest version of pihole-FTL for alpine: - # Probably need this to be built for different FTLARCHs if [ "$TARGETPLATFORM" = "linux/amd64" ]; then FTLARCH=amd64; \ elif [ "$TARGETPLATFORM" = "linux/386" ]; then FTLARCH=386; \ elif [ "$TARGETPLATFORM" = "linux/arm/v6" ]; then FTLARCH=armv6; \ @@ -61,8 +58,8 @@ RUN cd /etc/.pihole && \ install -Dm644 ./advanced/bash-completion/pihole /etc/bash_completion.d/pihole && \ install -T -m 0755 ./advanced/Templates/pihole-FTL-prestart.sh /opt/pihole/pihole-FTL-prestart.sh && \ install -T -m 0755 ./advanced/Templates/pihole-FTL-poststop.sh /opt/pihole/pihole-FTL-poststop.sh && \ - # RUN groupadd pihole && useradd -r --no-user-group -g pihole -s /usr/sbin/nologin pihole - addgroup -S pihole && adduser -S pihole -G pihole + addgroup -S pihole && adduser -S pihole -G pihole && \ + echo "${PIHOLE_DOCKER_TAG}" > /pihole.docker.tag COPY --chmod=0755 bash_functions.sh /usr/bin/bash_functions.sh COPY --chmod=0755 start.sh /usr/bin/start.sh From 93826e2d1de3a0e35890a9d2ee424cc034efac85 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 24 Jul 2023 00:12:46 +0100 Subject: [PATCH 051/175] Add tzdata package so that users can define their own timezone at runtime Signed-off-by: Adam Warner --- src/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Dockerfile b/src/Dockerfile index 1f37080..1d7aec8 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -27,7 +27,8 @@ RUN apk add --no-cache \ coreutils \ procps \ ncurses \ - binutils + binutils \ + tzdata ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db COPY crontab.txt /crontab.txt From 6b5332be476032a637a1d4db1a7d614acbf5b199 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 24 Jul 2023 18:03:13 +0100 Subject: [PATCH 052/175] - Change test dockerfile base to alpine, too (Alpine all the things!) - Tweak build-and-test.sh to allow tests to run against more platforms using buildx - Split GHA out into two seperate files. One for tests on pull requests, another for build and merge on push to `development-v6` (add other branches in later) Signed-off-by: Adam Warner --- ...st-and-build.yml => build-and-publish.yml} | 13 +++----- .github/workflows/build-and-test.yml | 30 +++++++++++++++++++ build-and-test.sh | 3 +- test/Dockerfile | 14 +++------ test/cmd.sh | 4 +-- 5 files changed, 42 insertions(+), 22 deletions(-) rename .github/workflows/{test-and-build.yml => build-and-publish.yml} (92%) create mode 100644 .github/workflows/build-and-test.yml diff --git a/.github/workflows/test-and-build.yml b/.github/workflows/build-and-publish.yml similarity index 92% rename from .github/workflows/test-and-build.yml rename to .github/workflows/build-and-publish.yml index 31ceb26..8e6aeb7 100644 --- a/.github/workflows/test-and-build.yml +++ b/.github/workflows/build-and-publish.yml @@ -5,14 +5,13 @@ on: push: branches: - development-v6 - pull_request: env: dockerhub: ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole ghcr: ghcr.io/${{ github.repository_owner }}/pihole jobs: - build-and-test: + build: runs-on: ubuntu-latest strategy: fail-fast: false @@ -30,8 +29,6 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v3 - with: - ref: development-v6 - name: Docker meta (Docker Hub and GitHub Container Registry) id: meta @@ -46,7 +43,6 @@ jobs: development-v6 - name: Login to DockerHub and GitHub Container Registry - if: github.event_name != 'pull_request' uses: ./.github/actions/login-repo with: docker_username: ${{ secrets.DOCKERHUB_USER }} @@ -57,7 +53,7 @@ jobs: - name: Set up QEMU uses: docker/setup-qemu-action@v2 with: - platforms: all + platforms: ${{ matrix.platform}} - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 @@ -72,7 +68,7 @@ jobs: CONTAINER=${{ matrix.container }} labels: ${{ steps.meta.outputs.labels }} outputs: | - type=image,name=${{ env[matrix.registry] }},push-by-digest=${{ github.event_name != 'pull_request' }},name-canonical=true,push=${{ github.event_name != 'pull_request' }} + type=image,name=${{ env[matrix.registry] }},push-by-digest=true,name-canonical=true,push=true - name: Export digests run: | @@ -92,14 +88,13 @@ jobs: # If we would push immediately above, the individual runners would overwrite each other's images # https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners merge-and-deploy: - if: github.event_name != 'pull_request' strategy: fail-fast: false matrix: registry: [dockerhub, ghcr] runs-on: ubuntu-latest needs: - - build-and-test + - build steps: - name: Checkout Repo uses: actions/checkout@v3 diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml new file mode 100644 index 0000000..1699d1b --- /dev/null +++ b/.github/workflows/build-and-test.yml @@ -0,0 +1,30 @@ +name: Build and Test (development-v6) +on: + pull_request: + +jobs: + test: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + # Official docker images for docker are only available for amd64 and arm64 + # TODO: Look at: https://github.com/docker-library/official-images#architectures-other-than-amd64 + # Is testing on all platforms really necessary? + platform: [linux/amd64, linux/arm64/v8] + steps: + - name: Checkout Repo + uses: actions/checkout@v3 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + with: + platforms: ${{ matrix.platform}} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Run Tests + run: | + echo "Building image to test" + PLATFORM=${{ matrix.platform}} ./build-and-test.sh \ No newline at end of file diff --git a/build-and-test.sh b/build-and-test.sh index b73ed15..353535e 100755 --- a/build-and-test.sh +++ b/build-and-test.sh @@ -8,9 +8,10 @@ fi GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD | sed "s/\//-/g") GIT_TAG=$(git describe --tags --exact-match 2> /dev/null || true) GIT_TAG="${GIT_TAG:-$GIT_BRANCH}" +PLATFORM="${PLATFORM:-linux/amd64}" # generate and build dockerfile -docker build --tag image_pipenv --file test/Dockerfile test/ +docker buildx build --load --platform=${PLATFORM} --tag image_pipenv --file test/Dockerfile test/ docker run --rm \ --volume /var/run/docker.sock:/var/run/docker.sock \ --volume "$(pwd):/$(pwd)" \ diff --git a/test/Dockerfile b/test/Dockerfile index 511833a..4ac766d 100644 --- a/test/Dockerfile +++ b/test/Dockerfile @@ -1,18 +1,12 @@ -FROM python:3.10-slim-bullseye +FROM python:3.10-alpine3.18 # Only works for docker CLIENT (bind mounted socket) -COPY --from=docker:20.10.17 /usr/local/bin/docker /usr/local/bin/ +COPY --from=docker:24-cli /usr/local/bin/docker /usr/local/bin/ -ARG packages -RUN apt-get update && \ - apt-get install -y python3-dev curl gcc make \ - libffi-dev libssl-dev ${packages} \ - && rm -rf /var/lib/apt/lists/* \ +RUN apk add --no-cache \ + curl \ && pip3 install --no-cache-dir -U pip pipenv -RUN curl -L https://github.com/docker/compose/releases/download/2.10.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose && \ - chmod +x /usr/local/bin/docker-compose - COPY ./cmd.sh /usr/local/bin/ COPY Pipfile* /root/ WORKDIR /root diff --git a/test/cmd.sh b/test/cmd.sh index 958a8d8..e5ee55f 100755 --- a/test/cmd.sh +++ b/test/cmd.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh set -eux docker build ./src --tag pihole:${GIT_TAG} --no-cache @@ -9,4 +9,4 @@ python -m black ./test/tests/ # TODO: Add junitxml output and have something consume it # 2 parallel max b/c race condition with docker fixture (I think?) -py.test -vv -n 2 ./test/tests/ +py.test -vv -n auto ./test/tests/ From 3208c4042dc48428faa35a9de38357e808ee08ce Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 24 Jul 2023 18:06:43 +0100 Subject: [PATCH 053/175] Strip out no longer relevant tests/test fixtures (persist_docker, for example has not been used in a long time) , begin building test library from ground up. Signed-off-by: Adam Warner --- test/tests/conftest.py | 116 +----------- test/tests/test_bash_functions.py | 288 ++---------------------------- test/tests/test_start.py | 37 ---- 3 files changed, 11 insertions(+), 430 deletions(-) delete mode 100644 test/tests/test_start.py diff --git a/test/tests/conftest.py b/test/tests/conftest.py index 99e0805..1399160 100644 --- a/test/tests/conftest.py +++ b/test/tests/conftest.py @@ -42,7 +42,7 @@ def args_volumes(): @pytest.fixture() def args_env(): - return '-e FTLCONF_LOCAL_IPV4="127.0.0.1"' + return '-e TZ="Europe/London"' @pytest.fixture() @@ -87,33 +87,6 @@ def docker(request, test_args, args, image, cmd, entrypoint): return docker_generic(request, test_args, args, image, cmd, entrypoint) -@pytest.fixture(scope="module") -def docker_persist( - request, - persist_test_args, - persist_args, - persist_image, - persist_cmd, - persist_entrypoint, - dig, -): - """ - Persistent Docker container for multiple tests, instead of stopping container after one test - Uses DUP'd module scoped fixtures because smaller scoped fixtures won't mix with module scope - """ - persistent_container = docker_generic( - request, - persist_test_args, - persist_args, - persist_image, - persist_cmd, - persist_entrypoint, - ) - """ attach a dig container for lookups """ - persistent_container.dig = dig(persistent_container.id) - return persistent_container - - @pytest.fixture def entrypoint(): return "" @@ -129,12 +102,6 @@ def tag(version): return "{}".format(version) -@pytest.fixture -def webserver(tag): - """TODO: this is obvious without alpine+nginx as the alternative, remove fixture, hard code lighttpd in tests?""" - return "lighttpd" - - @pytest.fixture() def image(tag): image = "pihole" @@ -146,64 +113,6 @@ def cmd(): return TAIL_DEV_NULL -@pytest.fixture(scope="module") -def persist_version(): - return version - - -@pytest.fixture(scope="module") -def persist_args_dns(): - return "--dns 127.0.0.1 --dns 1.1.1.1" - - -@pytest.fixture(scope="module") -def persist_args_volumes(): - return "-v /dev/null:/etc/pihole/adlists.list" - - -@pytest.fixture(scope="module") -def persist_args_env(): - return '-e ServerIP="127.0.0.1"' - - -@pytest.fixture(scope="module") -def persist_args(persist_args_volumes, persist_args_env): - return "{} {}".format(persist_args_volumes, persist_args_env) - - -@pytest.fixture(scope="module") -def persist_test_args(): - """test override fixture to provide arguments separate from our core args""" - return "" - - -@pytest.fixture(scope="module") -def persist_tag(persist_version): - return "{}".format(persist_version) - - -@pytest.fixture(scope="module") -def persist_webserver(persist_tag): - """TODO: this is obvious without alpine+nginx as the alternative, remove fixture, hard code lighttpd in tests?""" - return "lighttpd" - - -@pytest.fixture(scope="module") -def persist_image(persist_tag): - image = "pihole" - return "{}:{}".format(image, persist_tag) - - -@pytest.fixture(scope="module") -def persist_cmd(): - return TAIL_DEV_NULL - - -@pytest.fixture(scope="module") -def persist_entrypoint(): - return "" - - @pytest.fixture def slow(): """ @@ -225,26 +134,3 @@ def slow(): return return _slow - - -@pytest.fixture(scope="module") -def dig(): - """separate container to link to pi-hole and perform lookups""" - """ a docker pull is faster than running an install of dnsutils """ - - def _dig(docker_id): - args = "--link {}:test_pihole".format(docker_id) - image = "azukiapp/dig" - cmd = TAIL_DEV_NULL - dig_container = docker_generic(request, "", args, image, cmd, "") - return dig_container - - return _dig - - -@pytest.fixture -def running_pihole(docker_persist, slow, persist_webserver): - """Persist a fully started docker-pi-hole to help speed up subsequent tests""" - slow(lambda: docker_persist.run("pgrep pihole-FTL").rc == 0) - slow(lambda: docker_persist.run("pgrep lighttpd").rc == 0) - return docker_persist diff --git a/test/tests/test_bash_functions.py b/test/tests/test_bash_functions.py index 64540b9..cf31abd 100644 --- a/test/tests/test_bash_functions.py +++ b/test/tests/test_bash_functions.py @@ -2,289 +2,21 @@ import os import pytest import re -SETUPVARS_LOC = "/etc/pihole/setupVars.conf" -DNSMASQ_CONFIG_LOC = "/etc/dnsmasq.d/01-pihole.conf" -CMD_SETUP_FTL_CACHESIZE = ". bash_functions.sh ; setup_FTL_CacheSize" -CMD_SETUP_FTL_INTERFACE = ". bash_functions.sh ; setup_FTL_Interface" -CMD_SETUP_WEB_PASSWORD = ". bash_functions.sh ; setup_web_password" +CMD_APPLY_FTL_CONFIG_FROM_ENV = ". bash_functions.sh ; apply_FTL_Configs_From_Env" -def _cat(file): - return "cat {}".format(file) - - -def _grep(string, file): - return "grep -q '{}' {}".format(string, file) +@pytest.mark.parametrize("test_args", ['-e "FTLCONF_webserver_port=999"']) +def test_FTLCONF_webserver_port(docker): + func = docker.run(CMD_APPLY_FTL_CONFIG_FROM_ENV) + assert "Applied pihole-FTL setting webserver.port=999" in func.stdout @pytest.mark.parametrize( - "test_args,expected_ipv6,expected_stdout", - [ - ("", True, "IPv4 and IPv6"), - ('-e "IPv6=True"', True, "IPv4 and IPv6"), - ('-e "IPv6=False"', False, "IPv4"), - ('-e "IPv6=foobar"', False, "IPv4"), - ], + "test_args", ['-e "FTLCONF_dns_upstreams=1.1.1.1;8.8.8.8#1234"'] ) -def test_ipv6_not_true_removes_ipv6( - docker, slow, test_args, expected_ipv6, expected_stdout -): - """When a user overrides IPv6=True they only get IPv4 listening webservers""" - IPV6_LINE = "use-ipv6.pl" - WEB_CONFIG = "/etc/lighttpd/lighttpd.conf" - - function = docker.run(". /usr/local/bin/bash_functions.sh ; setup_ipv4_ipv6") - assert "Using {}".format(expected_stdout) in function.stdout - if expected_stdout == "IPv4": - assert "IPv6" not in function.stdout - # On overlay2(?) docker sometimes writes to disk are slow enough to break some tests... - expected_ipv6_check = ( - lambda: ( - IPV6_LINE in docker.run("grep 'use-ipv6.pl' {}".format(WEB_CONFIG)).stdout - ) - == expected_ipv6 - ) - slow(expected_ipv6_check) - - -@pytest.mark.parametrize("test_args", ['-e "WEB_PORT=999"']) -def test_overrides_default_web_port(docker, slow, test_args): - """When a --net=host user sets WEB_PORT to avoid synology's 80 default IPv4 and or IPv6 ports are updated""" - CONFIG_LINE = r"server.port\s*=\s*999" - WEB_CONFIG = "/etc/lighttpd/lighttpd.conf" - - function = docker.run( - ". /usr/local/bin/bash_functions.sh ; eval `grep setup_web_port /usr/local/bin/_startup.sh`" - ) - assert " [i] Custom WEB_PORT set to 999" in function.stdout +def test_FTLCONF_dns_upstreams(docker): + func = docker.run(CMD_APPLY_FTL_CONFIG_FROM_ENV) assert ( - " [i] Without proper router DNAT forwarding to 127.0.0.1:999, you may not get any blocked websites on ads" - in function.stdout + 'Applied pihole-FTL setting dns.upstreams=["1.1.1.1","8.8.8.8#1234"]' + in func.stdout ) - slow( - lambda: re.search(CONFIG_LINE, docker.run(_cat(WEB_CONFIG)).stdout) is not None - ) - - -@pytest.mark.parametrize( - "test_args,expected_error", - [ - ( - '-e WEB_PORT="LXXX"', - "WARNING: Custom WEB_PORT not used - LXXX is not an integer", - ), - ( - '-e WEB_PORT="1,000"', - "WARNING: Custom WEB_PORT not used - 1,000 is not an integer", - ), - ( - '-e WEB_PORT="99999"', - "WARNING: Custom WEB_PORT not used - 99999 is not within valid port range of 1-65535", - ), - ], -) -def test_bad_input_to_web_port(docker, test_args, expected_error): - function = docker.run( - ". /usr/local/bin/bash_functions.sh ; eval `grep setup_web_port /usr/local/bin/_startup.sh`" - ) - assert expected_error in function.stdout - - -@pytest.mark.parametrize( - "test_args,cache_size", - [('-e CUSTOM_CACHE_SIZE="0"', "0"), ('-e CUSTOM_CACHE_SIZE="20000"', "20000")], -) -def test_overrides_default_custom_cache_size(docker, slow, test_args, cache_size): - """Changes the cache_size setting to increase or decrease the cache size for dnsmasq""" - CONFIG_LINE = r"cache-size\s*=\s*{}".format(cache_size) - - function = docker.run( - "echo ${CUSTOM_CACHE_SIZE};. ./usr/local/bin/bash_functions.sh; echo ${CUSTOM_CACHE_SIZE}; eval `grep setup_FTL_CacheSize /usr/local/bin/_startup.sh`" - ) - assert "Custom CUSTOM_CACHE_SIZE set to {}".format(cache_size) in function.stdout - slow( - lambda: re.search(CONFIG_LINE, docker.run(_cat(DNSMASQ_CONFIG_LOC)).stdout) - is not None - ) - - -@pytest.mark.parametrize( - "test_args", - [ - '-e CUSTOM_CACHE_SIZE="-1"', - '-e CUSTOM_CACHE_SIZE="1,000"', - ], -) -def test_bad_input_to_custom_cache_size(docker, slow, test_args): - CONFIG_LINE = r"cache-size\s*=\s*10000" - - docker.run(CMD_SETUP_FTL_CACHESIZE) - slow( - lambda: re.search(CONFIG_LINE, docker.run(_cat(DNSMASQ_CONFIG_LOC)).stdout) - is not None - ) - - -@pytest.mark.parametrize( - "test_args", - [ - '-e DNSSEC="true" -e CUSTOM_CACHE_SIZE="0"', - ], -) -def test_dnssec_enabled_with_custom_cache_size(docker, slow, test_args): - CONFIG_LINE = r"cache-size\s*=\s*10000" - - docker.run(CMD_SETUP_FTL_CACHESIZE) - slow( - lambda: re.search(CONFIG_LINE, docker.run(_cat(DNSMASQ_CONFIG_LOC)).stdout) - is not None - ) - - -@pytest.mark.parametrize( - "args_env, expected_stdout, expected_config_line", - [ - ("", "binding to default interface: eth0", "PIHOLE_INTERFACE=eth0"), - ( - '-e INTERFACE="br0"', - "binding to custom interface: br0", - "PIHOLE_INTERFACE=br0", - ), - ], -) -def test_dns_interface_override_defaults( - docker, slow, args_env, expected_stdout, expected_config_line -): - """When INTERFACE environment var is passed in, overwrite dnsmasq interface""" - function = docker.run(CMD_SETUP_FTL_INTERFACE) - assert expected_stdout in function.stdout - slow( - lambda: expected_config_line + "\n" - == docker.run('grep "^PIHOLE_INTERFACE" {}'.format(SETUPVARS_LOC)).stdout - ) - - -expected_debian_lines = [ - '"VIRTUAL_HOST" => "127.0.0.1"', - '"PHP_ERROR_LOG" => "/var/log/lighttpd/error-pihole.log"', -] - - -@pytest.mark.parametrize( - "expected_lines,repeat_function", - [(expected_debian_lines, 1), (expected_debian_lines, 2)], -) -def test_debian_setup_php_env(docker, expected_lines, repeat_function): - """confirm all expected output is there and nothing else""" - for _ in range(repeat_function): - docker.run( - ". /usr/local/bin/bash_functions.sh ; eval `grep setup_php_env /usr/local/bin/_startup.sh`" - ) - for expected_line in expected_lines: - search_config_cmd = ( - "grep -c '{}' /etc/lighttpd/conf-enabled/15-pihole-admin.conf".format( - expected_line - ) - ) - search_config_count = docker.run(search_config_cmd) - found_lines = int(search_config_count.stdout.rstrip("\n")) - if found_lines > 1: - assert ( - False - ), f"Found line {expected_line} times (more than once): {found_lines}" - - -def test_webpassword_random_generation(docker): - """When a user sets webPassword env the admin password gets set to that""" - function = docker.run(CMD_SETUP_WEB_PASSWORD) - assert "assigning random password" in function.stdout.lower() - - -@pytest.mark.parametrize("entrypoint,cmd", [("--entrypoint=tail", "-f /dev/null")]) -@pytest.mark.parametrize( - "args_env,secure,setupvars_hash", - [ - ( - "-e WEBPASSWORD=login", - True, - "WEBPASSWORD=6060d59351e8c2f48140f01b2c3f3b61652f396c53a5300ae239ebfbe7d5ff08", - ), - ('-e WEBPASSWORD=""', False, ""), - ], -) -def test_webpassword_env_assigns_password_to_file_or_removes_if_empty( - docker, args_env, secure, setupvars_hash -): - """When a user sets webPassword env the admin password gets set or removed if empty""" - function = docker.run(CMD_SETUP_WEB_PASSWORD) - - if secure: - assert "new password set" in function.stdout.lower() - assert docker.run(_grep(setupvars_hash, SETUPVARS_LOC)).rc == 0 - else: - assert "password removed" in function.stdout.lower() - assert docker.run(_grep("^WEBPASSWORD=$", SETUPVARS_LOC)).rc == 0 - - -@pytest.mark.parametrize("entrypoint,cmd", [("--entrypoint=tail", "-f /dev/null")]) -@pytest.mark.parametrize("test_args", ["-e WEBPASSWORD=login", '-e WEBPASSWORD=""']) -def test_env_always_updates_password(docker, args_env, test_args): - """When a user sets the WEBPASSWORD environment variable, ensure it always sets the password""" - function = docker.run(CMD_SETUP_WEB_PASSWORD) - - assert " [i] Assigning password defined by Environment Variable" in function.stdout - - -@pytest.mark.parametrize("entrypoint,cmd", [("--entrypoint=tail", "-f /dev/null")]) -def test_setupvars_trumps_random_password_if_set(docker, args_env, test_args): - """If a password is already set in setupvars, and no password is set in the environment variable, do not generate a random password""" - docker.run( - ". /opt/pihole/utils.sh ; addOrEditKeyValPair {} WEBPASSWORD volumepass".format( - SETUPVARS_LOC - ) - ) - function = docker.run(CMD_SETUP_WEB_PASSWORD) - - assert "Pre existing WEBPASSWORD found" in function.stdout - assert docker.run(_grep("WEBPASSWORD=volumepass", SETUPVARS_LOC)).rc == 0 - - -@pytest.mark.parametrize( - "args_env,test_args,expected_bind,expect_warning", - [ - ("-e FTLCONF_LOCAL_IPV4=192.0.2.10", "--net=host", "192.0.2.10", True), - ("-e FTLCONF_LOCAL_IPV4=192.0.2.10", "", "0.0.0.0", False), - ( - "-e WEB_BIND_ADDR=192.0.2.20 -e FTLCONF_LOCAL_IPV4=192.0.2.10", - "--net=host", - "192.0.2.20", - False, - ), - ( - "-e WEB_BIND_ADDR=192.0.2.20 -e FTLCONF_LOCAL_IPV4=192.0.2.10", - "", - "192.0.2.20", - False, - ), - ], -) -def test_setup_lighttpd_bind( - docker, args_env, test_args, expected_bind, expect_warning -): - """Lighttpd's bind address is correctly set""" - WEB_CONFIG = "/etc/lighttpd/lighttpd.conf" - WARNING_EXTRACT = "[i] WARNING: running in host network mode forces" - - function = docker.run(". /usr/local/bin/bash_functions.sh ; setup_lighttpd_bind") - - if expect_warning: - assert WARNING_EXTRACT in function.stdout - else: - assert WARNING_EXTRACT not in function.stdout - - config = docker.run(f"cat {WEB_CONFIG} | grep 'server.bind'") - - if expected_bind == "0.0.0.0": - assert "server.bind" not in config.stdout - else: - assert f'server.bind = "{expected_bind}"' in config.stdout diff --git a/test/tests/test_start.py b/test/tests/test_start.py deleted file mode 100644 index 967403b..0000000 --- a/test/tests/test_start.py +++ /dev/null @@ -1,37 +0,0 @@ -import pytest -import time - -""" conftest.py provides the defaults through fixtures """ -""" Note, testinfra builtins don't seem fully compatible with - docker containers (esp. musl based OSs) stripped down nature """ - - -# If the test runs /usr/local/bin/_startup.sh, do not let s6 run it too! Kill entrypoint to avoid race condition/duplicated execution -@pytest.mark.parametrize("entrypoint,cmd", [("--entrypoint=tail", "-f /dev/null")]) -@pytest.mark.parametrize( - "args,error_msg,expect_rc", - [ - ( - '-e FTLCONF_LOCAL_IPV4="1.2.3.z"', - "FTLCONF_LOCAL_IPV4 Environment variable (1.2.3.z) doesn't appear to be a valid IPv4 address", - 1, - ), - ( - '-e FTLCONF_LOCAL_IPV4="1.2.3.4" -e FTLCONF_LOCAL_IPV6="1234:1234:1234:ZZZZ"', - "Environment variable (1234:1234:1234:ZZZZ) doesn't appear to be a valid IPv6 address", - 1, - ), - ( - '-e FTLCONF_LOCAL_IPV4="1.2.3.4" -e FTLCONF_LOCAL_IPV6="kernel"', - "ERROR: You passed in IPv6 with a value of 'kernel'", - 1, - ), - ], -) -def test_ftlconf_local_addr_invalid_ips_triggers_exit_error( - docker, error_msg, expect_rc -): - start = docker.run("/usr/local/bin/_startup.sh") - assert start.rc == expect_rc - assert "ERROR" in start.stdout - assert error_msg in start.stdout From 1202dafcbd6d9a5538bc706e891820a57565b6d8 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 24 Jul 2023 18:26:04 +0100 Subject: [PATCH 054/175] Change test dockerfile base to `docker:24.0.4-cli-alpine3.18` rather than copying in, buildx would not work the other way. Signed-off-by: Adam Warner --- test/Dockerfile | 25 ++++++++++++------------- test/cmd.sh | 2 +- test/entrypoint.sh | 1 + 3 files changed, 14 insertions(+), 14 deletions(-) create mode 100644 test/entrypoint.sh diff --git a/test/Dockerfile b/test/Dockerfile index 4ac766d..676f972 100644 --- a/test/Dockerfile +++ b/test/Dockerfile @@ -1,20 +1,19 @@ -FROM python:3.10-alpine3.18 +FROM docker:24.0.4-cli-alpine3.18 -# Only works for docker CLIENT (bind mounted socket) -COPY --from=docker:24-cli /usr/local/bin/docker /usr/local/bin/ - -RUN apk add --no-cache \ - curl \ - && pip3 install --no-cache-dir -U pip pipenv - -COPY ./cmd.sh /usr/local/bin/ +COPY --chmod=0755 ./cmd.sh /usr/local/bin/cmd.sh +COPY --chmod=0755 ./entrypoint.sh /usr/local/bin/entrypoint.sh COPY Pipfile* /root/ WORKDIR /root -RUN pipenv install --system \ - && sed -i 's|/bin/sh|/bin/bash|g' /usr/local/lib/python3.10/site-packages/testinfra/backend/docker.py +RUN apk add --no-cache \ + python3-dev \ + py3-pip \ + curl \ + && pip3 install --no-cache-dir -U pip pipenv \ + && pipenv install --system \ + # Not 100% sure what this line does, but it's always been in the Dockerfile (aside from pointing at a different file) + # Tests fall over without it. Investigate later. + && sed -i 's|/bin/sh|/bin/bash|g' /usr/lib/python3.11/site-packages/testinfra/backend/docker.py -RUN echo "set -ex && cmd.sh && \$@" > /usr/local/bin/entrypoint.sh -RUN chmod +x /usr/local/bin/entrypoint.sh ENTRYPOINT entrypoint.sh CMD cmd.sh diff --git a/test/cmd.sh b/test/cmd.sh index e5ee55f..2c753d7 100755 --- a/test/cmd.sh +++ b/test/cmd.sh @@ -1,7 +1,7 @@ #!/usr/bin/env sh set -eux -docker build ./src --tag pihole:${GIT_TAG} --no-cache +docker buildx build ./src --tag pihole:${GIT_TAG} --no-cache docker images pihole:${GIT_TAG} # auto-format the pytest code diff --git a/test/entrypoint.sh b/test/entrypoint.sh new file mode 100644 index 0000000..dce4fc1 --- /dev/null +++ b/test/entrypoint.sh @@ -0,0 +1 @@ +set -ex && cmd.sh \ No newline at end of file From 4c8f4613dde880d1bd36eb99dbafb6c492d41750 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 24 Jul 2023 18:29:42 +0100 Subject: [PATCH 055/175] test names should match the regular expression ^[a-z_][a-z0-9_]*$. Apparently Signed-off-by: Adam Warner --- test/tests/test_bash_functions.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/tests/test_bash_functions.py b/test/tests/test_bash_functions.py index cf31abd..c9917f5 100644 --- a/test/tests/test_bash_functions.py +++ b/test/tests/test_bash_functions.py @@ -6,7 +6,7 @@ CMD_APPLY_FTL_CONFIG_FROM_ENV = ". bash_functions.sh ; apply_FTL_Configs_From_En @pytest.mark.parametrize("test_args", ['-e "FTLCONF_webserver_port=999"']) -def test_FTLCONF_webserver_port(docker): +def test_ftlconf_webserver_port(docker): func = docker.run(CMD_APPLY_FTL_CONFIG_FROM_ENV) assert "Applied pihole-FTL setting webserver.port=999" in func.stdout @@ -14,7 +14,7 @@ def test_FTLCONF_webserver_port(docker): @pytest.mark.parametrize( "test_args", ['-e "FTLCONF_dns_upstreams=1.1.1.1;8.8.8.8#1234"'] ) -def test_FTLCONF_dns_upstreams(docker): +def test_ftlconf_dns_upstreams(docker): func = docker.run(CMD_APPLY_FTL_CONFIG_FROM_ENV) assert ( 'Applied pihole-FTL setting dns.upstreams=["1.1.1.1","8.8.8.8#1234"]' From fee259597cb924ae9243486aff38a6c03ab9a1f7 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 24 Jul 2023 18:47:47 +0100 Subject: [PATCH 056/175] `./build-and-test.sh enter` was not working because bash not installed, change command to sh instead of bash Signed-off-by: Adam Warner --- build-and-test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-and-test.sh b/build-and-test.sh index 353535e..0f90186 100755 --- a/build-and-test.sh +++ b/build-and-test.sh @@ -2,7 +2,7 @@ set -ex if [[ "$1" == "enter" ]]; then - enter="-it --entrypoint=bash" + enter="-it --entrypoint=sh" fi GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD | sed "s/\//-/g") From 62dd8d503cfcd7c8a85a1345038f7ece008a13ac Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 23 Jul 2023 18:54:21 +0100 Subject: [PATCH 057/175] Allow the for changing of the UID/GID of the user/group pihole Signed-off-by: Adam Warner --- src/Dockerfile | 3 ++- src/start.sh | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/src/Dockerfile b/src/Dockerfile index 1d7aec8..69cc365 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -28,7 +28,8 @@ RUN apk add --no-cache \ procps \ ncurses \ binutils \ - tzdata + tzdata \ + shadow ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db COPY crontab.txt /crontab.txt diff --git a/src/start.sh b/src/start.sh index f538c29..94b6326 100644 --- a/src/start.sh +++ b/src/start.sh @@ -24,6 +24,25 @@ echo " [i] Starting docker specific checks & setup for docker pihole/pihole" # Initial checks # =========================== + +# If PIHOLE_UID is set, modify the pihole user's id to match +if [ -n "${PIHOLE_UID}" ]; then + currentId=$(id -u ${username}) + [[ ${currentId} -eq ${PIHOLE_UID} ]] && return + + echo " [i] Changing ID for user: pihole (${currentId} => ${PIHOLE_UID})" + usermod -o -u ${PIHOLE_UID} pihole +fi + +# If PIHOLE_GID is set, modify the pihole group's id to match +if [ -n "${PIHOLE_GID}" ]; then + currentId=$(id -g pihole) + [[ ${currentId} -eq ${PIHOLE_GID} ]] && return + + echo " [i] Changing ID for group: pihole (${currentId} => ${PIHOLE_GID})" + groupmod -o -g ${PIHOLE_GID} pihole +fi + fix_capabilities # validate_env || exit 1 ensure_basic_configuration From f09b0d68bbcc4082f9a3a5cad42657ed34d93fee Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 26 Jul 2023 08:31:29 +0100 Subject: [PATCH 058/175] Add tests for UID/GID switching Signed-off-by: Adam Warner --- test/tests/test_general.py | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 test/tests/test_general.py diff --git a/test/tests/test_general.py b/test/tests/test_general.py new file mode 100644 index 0000000..3a4be2c --- /dev/null +++ b/test/tests/test_general.py @@ -0,0 +1,11 @@ +import pytest + +@pytest.mark.parametrize("test_args", ['-e "PIHOLE_UID=456"']) +def test_pihole_uid_env_var(docker): + func = docker.run('id -u pihole') + assert "456" in func.stdout + +@pytest.mark.parametrize("test_args", ['-e "PIHOLE_GID=456"']) +def test_pihole_gid_env_var(docker): + func = docker.run('id -g pihole') + assert "456" in func.stdout \ No newline at end of file From 2a8fa77adc873e51dd7e180393a0fb74e2312c07 Mon Sep 17 00:00:00 2001 From: edgd1er Date: Wed, 26 Jul 2023 21:51:57 +0200 Subject: [PATCH 059/175] extracted functions need to be rewritten to remove the return Signed-off-by: edgd1er --- src/start.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/src/start.sh b/src/start.sh index 94b6326..491a26d 100644 --- a/src/start.sh +++ b/src/start.sh @@ -4,7 +4,6 @@ if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then set -x ; fi - # The below functions are all contained in bash_functions.sh # shellcheck source=/dev/null . /usr/bin/bash_functions.sh @@ -27,20 +26,20 @@ echo " [i] Starting docker specific checks & setup for docker pihole/pihole" # If PIHOLE_UID is set, modify the pihole user's id to match if [ -n "${PIHOLE_UID}" ]; then - currentId=$(id -u ${username}) - [[ ${currentId} -eq ${PIHOLE_UID} ]] && return - + currentId=$(id -u ${username}) + if [[ ${currentId} -ne ${PIHOLE_UID} ]]; then echo " [i] Changing ID for user: pihole (${currentId} => ${PIHOLE_UID})" usermod -o -u ${PIHOLE_UID} pihole + fi fi # If PIHOLE_GID is set, modify the pihole group's id to match if [ -n "${PIHOLE_GID}" ]; then - currentId=$(id -g pihole) - [[ ${currentId} -eq ${PIHOLE_GID} ]] && return - + currentId=$(id -g pihole) + if [[ ${currentId} -ne ${PIHOLE_GID} ]]; then echo " [i] Changing ID for group: pihole (${currentId} => ${PIHOLE_GID})" groupmod -o -g ${PIHOLE_GID} pihole + fi fi fix_capabilities From a2770a3f18131b99f10bc8fcafa587a3ad3fc2b2 Mon Sep 17 00:00:00 2001 From: edgd1er Date: Wed, 26 Jul 2023 22:50:10 +0200 Subject: [PATCH 060/175] uid/gid: add info when already as expected Signed-off-by: edgd1er --- src/start.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/start.sh b/src/start.sh index 491a26d..9d08d15 100644 --- a/src/start.sh +++ b/src/start.sh @@ -30,6 +30,8 @@ if [ -n "${PIHOLE_UID}" ]; then if [[ ${currentId} -ne ${PIHOLE_UID} ]]; then echo " [i] Changing ID for user: pihole (${currentId} => ${PIHOLE_UID})" usermod -o -u ${PIHOLE_UID} pihole + else + echo " [i] ID for user pihole is already ${PIHOLE_UID}, no need to change" fi fi @@ -39,6 +41,8 @@ if [ -n "${PIHOLE_GID}" ]; then if [[ ${currentId} -ne ${PIHOLE_GID} ]]; then echo " [i] Changing ID for group: pihole (${currentId} => ${PIHOLE_GID})" groupmod -o -g ${PIHOLE_GID} pihole + else + echo " [i] ID for group pihole is already ${PIHOLE_GID}, no need to change" fi fi From 7cf55cb7228a595ce8116f5f39ff9a5eb4fb24c0 Mon Sep 17 00:00:00 2001 From: edgd1er Date: Wed, 26 Jul 2023 18:29:59 +0200 Subject: [PATCH 061/175] if skipgravityonboot set, check db version Signed-off-by: edgd1er --- src/start.sh | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/src/start.sh b/src/start.sh index 9d08d15..87f22ea 100644 --- a/src/start.sh +++ b/src/start.sh @@ -26,7 +26,7 @@ echo " [i] Starting docker specific checks & setup for docker pihole/pihole" # If PIHOLE_UID is set, modify the pihole user's id to match if [ -n "${PIHOLE_UID}" ]; then - currentId=$(id -u ${username}) + currentId=$(id -u pihole) if [[ ${currentId} -ne ${PIHOLE_UID} ]]; then echo " [i] Changing ID for user: pihole (${currentId} => ${PIHOLE_UID})" usermod -o -u ${PIHOLE_UID} pihole @@ -104,16 +104,24 @@ sed -i "s/59 17/$((1 + RANDOM % 58)) $((12 + RANDOM % 8))/" /crontab.txt /usr/sbin/crond +#migrate Database if needed: gravityDBfile=$(getFTLConfigValue files.gravity) - -if [ -z "$SKIPGRAVITYONBOOT" ] || [ ! -f "${gravityDBfile}" ]; then - if [ -n "$SKIPGRAVITYONBOOT" ];then - echo " SKIPGRAVITYONBOOT is set, however ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate." - echo " Ignoring SKIPGRAVITYONBOOT on this occaision." - fi - pihole -g -else +if [ -n "${SKIPGRAVITYONBOOT}" ]; then + if [ -f "${gravityDBfile}" ]; then + #skip set + file =>update if needed echo " Skipping Gravity Database Update." + source /etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh + upgrade_gravityDB "${gravityDBfile}" "/etc/pihole" + else + #skip set + nofile => pihole -g (install error) + echo " SKIPGRAVITYONBOOT is set, however ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate." + echo " Ignoring SKIPGRAVITYONBOOT on this occasion." + pihole -g + fi +else + #skip not set + no file => error => create file + #skip not set + file => update db + lists + pihole -g fi pihole updatechecker From dfdf5fa9306fd62372a643074081a620c9e400d2 Mon Sep 17 00:00:00 2001 From: Gontier Julien Date: Fri, 28 Jul 2023 17:17:51 +0200 Subject: [PATCH 062/175] Tell alpine specifically to use procps-ng Signed-off-by: Gontier Julien --- src/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Dockerfile b/src/Dockerfile index 69cc365..a7519f1 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -25,7 +25,7 @@ RUN apk add --no-cache \ iproute2-ss \ jq \ coreutils \ - procps \ + procps-ng \ ncurses \ binutils \ tzdata \ From 9a058c5511e952561de7aeaddb2cdf9f4b84e471 Mon Sep 17 00:00:00 2001 From: Dan Schaper Date: Fri, 28 Jul 2023 10:10:10 -0700 Subject: [PATCH 063/175] Alphebetize dependencies for organization. --- src/Dockerfile | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index a7519f1..ab399a2 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -12,24 +12,24 @@ ENV DNSMASQ_USER=pihole ENV FTL_CMD=no-daemon RUN apk add --no-cache \ - git \ bash \ - curl \ bind-tools \ - nmap-ncat \ - psmisc \ - sudo \ - unzip \ - wget \ - libcap \ + binutils \ + coreutils \ + curl \ + git \ iproute2-ss \ jq \ - coreutils \ - procps-ng \ + libcap \ ncurses \ - binutils \ + nmap-ncat \ + procps-ng \ + psmisc \ + shadow \ + sudo \ tzdata \ - shadow + unzip \ + wget ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db COPY crontab.txt /crontab.txt From e88985ba400fca05530b66e200f7f7c286d877f3 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 28 Jul 2023 21:58:48 +0100 Subject: [PATCH 064/175] This is not needed! MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Christian König Signed-off-by: Adam Warner --- src/Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index ab399a2..7354879 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -17,7 +17,7 @@ RUN apk add --no-cache \ binutils \ coreutils \ curl \ - git \ + git \ iproute2-ss \ jq \ libcap \ @@ -54,7 +54,6 @@ RUN cd /etc/.pihole && \ install -Dm755 -d /opt/pihole && \ install -Dm755 -t /opt/pihole gravity.sh && \ install -Dm755 -t /opt/pihole ./advanced/Scripts/*.sh && \ - install -Dm755 -t /opt/pihole ./automated\ install/uninstall.sh && \ install -Dm755 -t /opt/pihole ./advanced/Scripts/COL_TABLE && \ install -Dm755 -t /usr/local/bin pihole && \ install -Dm644 ./advanced/bash-completion/pihole /etc/bash_completion.d/pihole && \ From 76b6d5bdb4c7bb73eba777f5d0bce86d92fd28a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 31 Jul 2023 23:38:39 +0200 Subject: [PATCH 065/175] Add PADD to the image MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- src/Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/Dockerfile b/src/Dockerfile index 7354879..daa0a02 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -34,6 +34,10 @@ RUN apk add --no-cache \ ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db COPY crontab.txt /crontab.txt +# Add PADD to the container, too. +ADD https://raw.githubusercontent.com/pi-hole/PADD/PADD_FTLv6/padd.sh /usr/local/bin/padd +RUN chmod +x /usr/local/bin/padd + # download a the main repos from github RUN git clone --depth 1 --single-branch --branch ${WEB_BRANCH} https://github.com/pi-hole/AdminLTE.git /var/www/html/admin && \ git clone --depth 1 --single-branch --branch ${CORE_BRANCH} https://github.com/pi-hole/pi-hole.git /etc/.pihole ;\ From d89d826951da0b87e8021d808017097307c0b830 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 1 Aug 2023 13:38:24 +0200 Subject: [PATCH 066/175] Add padd alias MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- src/Dockerfile | 3 +-- src/start.sh | 4 ++++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index daa0a02..12b1732 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -35,8 +35,7 @@ ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db COPY crontab.txt /crontab.txt # Add PADD to the container, too. -ADD https://raw.githubusercontent.com/pi-hole/PADD/PADD_FTLv6/padd.sh /usr/local/bin/padd -RUN chmod +x /usr/local/bin/padd +ADD --chmod=0755 https://raw.githubusercontent.com/pi-hole/PADD/PADD_FTLv6/padd.sh /usr/local/bin/padd # download a the main repos from github RUN git clone --depth 1 --single-branch --branch ${WEB_BRANCH} https://github.com/pi-hole/AdminLTE.git /var/www/html/admin && \ diff --git a/src/start.sh b/src/start.sh index 9d08d15..0766783 100644 --- a/src/start.sh +++ b/src/start.sh @@ -87,6 +87,10 @@ if [ "${INSTALL_DEV_TOOLS:-0}" -gt 0 ] ; then apk add --no-cache nano less fi +# Add an alias for padd to the root user's bashrc +port="${FTLCONF_webserver_port%%,*}" +echo "alias padd='padd --port ${port:-8080} --secret ${FTLCONF_webserver_api_password}'" > /root/.bashrc + # Remove possible leftovers from previous pihole-FTL processes rm -f /dev/shm/FTL-* 2> /dev/null rm -f /run/pihole/FTL.sock From 81e76714414509474f1664d5e3bef8f224ce6cf1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 2 Aug 2023 22:20:20 +0200 Subject: [PATCH 067/175] Revert alias and make branch configurable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- src/Dockerfile | 3 ++- src/start.sh | 3 --- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index 12b1732..0710c74 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -7,6 +7,7 @@ ARG WEB_BRANCH="development-v6" ARG CORE_BRANCH="development-v6" ARG FTL_BRANCH="development-v6" ARG PIHOLE_DOCKER_TAG="unknown" +ARG PADD_BRANCH="PADD_FTLv6" ENV DNSMASQ_USER=pihole ENV FTL_CMD=no-daemon @@ -35,7 +36,7 @@ ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db COPY crontab.txt /crontab.txt # Add PADD to the container, too. -ADD --chmod=0755 https://raw.githubusercontent.com/pi-hole/PADD/PADD_FTLv6/padd.sh /usr/local/bin/padd +ADD --chmod=0755 https://raw.githubusercontent.com/pi-hole/PADD/${PADD_BRANCH}/padd.sh /usr/local/bin/padd # download a the main repos from github RUN git clone --depth 1 --single-branch --branch ${WEB_BRANCH} https://github.com/pi-hole/AdminLTE.git /var/www/html/admin && \ diff --git a/src/start.sh b/src/start.sh index 0766783..aeb924c 100644 --- a/src/start.sh +++ b/src/start.sh @@ -87,9 +87,6 @@ if [ "${INSTALL_DEV_TOOLS:-0}" -gt 0 ] ; then apk add --no-cache nano less fi -# Add an alias for padd to the root user's bashrc -port="${FTLCONF_webserver_port%%,*}" -echo "alias padd='padd --port ${port:-8080} --secret ${FTLCONF_webserver_api_password}'" > /root/.bashrc # Remove possible leftovers from previous pihole-FTL processes rm -f /dev/shm/FTL-* 2> /dev/null From f24dd34e37f8c192ed8eacff3e30c79a5530e8cb Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 2 Aug 2023 23:00:00 +0100 Subject: [PATCH 068/175] Update src/start.sh Signed-off-by: Adam Warner --- src/start.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/src/start.sh b/src/start.sh index aeb924c..9d08d15 100644 --- a/src/start.sh +++ b/src/start.sh @@ -87,7 +87,6 @@ if [ "${INSTALL_DEV_TOOLS:-0}" -gt 0 ] ; then apk add --no-cache nano less fi - # Remove possible leftovers from previous pihole-FTL processes rm -f /dev/shm/FTL-* 2> /dev/null rm -f /run/pihole/FTL.sock From 0748c7fc62cf275732151fe2e155e66b39437713 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 9 Aug 2023 19:46:48 +0100 Subject: [PATCH 069/175] Update src/start.sh Signed-off-by: Adam Warner --- src/start.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/src/start.sh b/src/start.sh index 87f22ea..95d235f 100644 --- a/src/start.sh +++ b/src/start.sh @@ -110,6 +110,7 @@ if [ -n "${SKIPGRAVITYONBOOT}" ]; then if [ -f "${gravityDBfile}" ]; then #skip set + file =>update if needed echo " Skipping Gravity Database Update." + # TODO: Revist this path if we move to a multistage build source /etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh upgrade_gravityDB "${gravityDBfile}" "/etc/pihole" else From b56b8d03c4a6cbea284a41fcf147d39ad04260d5 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 26 Jul 2023 22:35:21 +0100 Subject: [PATCH 070/175] black formatted some tests Signed-off-by: Adam Warner --- test/tests/test_general.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/test/tests/test_general.py b/test/tests/test_general.py index 3a4be2c..47d6e2a 100644 --- a/test/tests/test_general.py +++ b/test/tests/test_general.py @@ -1,11 +1,13 @@ import pytest + @pytest.mark.parametrize("test_args", ['-e "PIHOLE_UID=456"']) def test_pihole_uid_env_var(docker): - func = docker.run('id -u pihole') + func = docker.run("id -u pihole") assert "456" in func.stdout + @pytest.mark.parametrize("test_args", ['-e "PIHOLE_GID=456"']) def test_pihole_gid_env_var(docker): - func = docker.run('id -g pihole') - assert "456" in func.stdout \ No newline at end of file + func = docker.run("id -g pihole") + assert "456" in func.stdout From b674a8bde7191e653b24f763d8771ae2e10092f9 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 26 Jul 2023 22:50:18 +0100 Subject: [PATCH 071/175] Who needs an init system anyway? Add a trap to ensure that pihole-FTL shuts down cleanly on container exit. Signed-off-by: Adam Warner --- src/start.sh | 222 +++++++++++++++++++++++++++------------------------ 1 file changed, 117 insertions(+), 105 deletions(-) diff --git a/src/start.sh b/src/start.sh index 95d235f..455c317 100644 --- a/src/start.sh +++ b/src/start.sh @@ -1,139 +1,151 @@ #!/bin/bash -e -if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then - set -x ; +if [ "${PH_VERBOSE:-0}" -gt 0 ]; then + set -x fi -# The below functions are all contained in bash_functions.sh -# shellcheck source=/dev/null -. /usr/bin/bash_functions.sh +trap stop TERM INT QUIT HUP ERR +start() { -# shellcheck source=/dev/null -# SKIP_INSTALL=true . /etc/.pihole/automated\ install/basic-install.sh + # The below functions are all contained in bash_functions.sh + # shellcheck source=/dev/null + . /usr/bin/bash_functions.sh -echo " [i] Starting docker specific checks & setup for docker pihole/pihole" + # shellcheck source=/dev/null + # SKIP_INSTALL=true . /etc/.pihole/automated\ install/basic-install.sh -# TODO: -#if [ ! -f /.piholeFirstBoot ] ; then -# echo " [i] Not first container startup so not running docker's setup, re-create container to run setup again" -#else -# regular_setup_functions -#fi + echo " [i] Starting docker specific checks & setup for docker pihole/pihole" -# Initial checks -# =========================== + # TODO: + #if [ ! -f /.piholeFirstBoot ] ; then + # echo " [i] Not first container startup so not running docker's setup, re-create container to run setup again" + #else + # regular_setup_functions + #fi -# If PIHOLE_UID is set, modify the pihole user's id to match -if [ -n "${PIHOLE_UID}" ]; then - currentId=$(id -u pihole) - if [[ ${currentId} -ne ${PIHOLE_UID} ]]; then - echo " [i] Changing ID for user: pihole (${currentId} => ${PIHOLE_UID})" - usermod -o -u ${PIHOLE_UID} pihole - else - echo " [i] ID for user pihole is already ${PIHOLE_UID}, no need to change" + # Initial checks + # =========================== + + # If PIHOLE_UID is set, modify the pihole user's id to match + if [ -n "${PIHOLE_UID}" ]; then + currentId=$(id -u pihole) + if [[ ${currentId} -ne ${PIHOLE_UID} ]]; then + echo " [i] Changing ID for user: pihole (${currentId} => ${PIHOLE_UID})" + usermod -o -u ${PIHOLE_UID} pihole + else + echo " [i] ID for user pihole is already ${PIHOLE_UID}, no need to change" + fi fi -fi -# If PIHOLE_GID is set, modify the pihole group's id to match -if [ -n "${PIHOLE_GID}" ]; then - currentId=$(id -g pihole) - if [[ ${currentId} -ne ${PIHOLE_GID} ]]; then - echo " [i] Changing ID for group: pihole (${currentId} => ${PIHOLE_GID})" - groupmod -o -g ${PIHOLE_GID} pihole - else - echo " [i] ID for group pihole is already ${PIHOLE_GID}, no need to change" + # If PIHOLE_GID is set, modify the pihole group's id to match + if [ -n "${PIHOLE_GID}" ]; then + currentId=$(id -g pihole) + if [[ ${currentId} -ne ${PIHOLE_GID} ]]; then + echo " [i] Changing ID for group: pihole (${currentId} => ${PIHOLE_GID})" + groupmod -o -g ${PIHOLE_GID} pihole + else + echo " [i] ID for group pihole is already ${PIHOLE_GID}, no need to change" + fi fi -fi -fix_capabilities -# validate_env || exit 1 -ensure_basic_configuration + fix_capabilities + # validate_env || exit 1 + ensure_basic_configuration + apply_FTL_Configs_From_Env -apply_FTL_Configs_From_Env + # Web interface setup + # =========================== + # load_web_password_secret + # setup_web_password -# Web interface setup -# =========================== -# load_web_password_secret -# setup_web_password + # Misc Setup + # =========================== + # setup_blocklists -# Misc Setup -# =========================== -# setup_blocklists + # FTL setup + # =========================== -# FTL setup -# =========================== + # setup_FTL_User + # setup_FTL_query_logging -# setup_FTL_User -# setup_FTL_query_logging + [ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot -[ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot + echo " [i] Docker start setup complete" + echo "" -echo " [i] Docker start setup complete" -echo "" + echo " [i] pihole-FTL ($FTL_CMD) will be started as ${DNSMASQ_USER}" + echo "" - -echo " [i] pihole-FTL ($FTL_CMD) will be started as ${DNSMASQ_USER}" -echo "" - - -if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then - set -x ; -fi - -# Install editors inside container if requested -if [ "${INSTALL_DEV_TOOLS:-0}" -gt 0 ] ; then + # Install editors inside container if requested + if [ "${INSTALL_DEV_TOOLS:-0}" -gt 0 ]; then apk add --no-cache nano less -fi + fi -# Remove possible leftovers from previous pihole-FTL processes -rm -f /dev/shm/FTL-* 2> /dev/null -rm -f /run/pihole/FTL.sock + # Remove possible leftovers from previous pihole-FTL processes + rm -f /dev/shm/FTL-* 2>/dev/null + rm -f /run/pihole/FTL.sock + # Start crond for scheduled scripts (logrotate, pihole flush, gravity update etc) + # crond + # Randomize gravity update time + sed -i "s/59 1 /$((1 + RANDOM % 58)) $((3 + RANDOM % 2))/" /crontab.txt + # Randomize update checker time + sed -i "s/59 17/$((1 + RANDOM % 58)) $((12 + RANDOM % 8))/" /crontab.txt + /usr/bin/crontab /crontab.txt -# Start crond for scheduled scripts (logrotate, pihole flush, gravity update etc) -# crond - -# Randomize gravity update time -sed -i "s/59 1 /$((1 + RANDOM % 58)) $((3 + RANDOM % 2))/" /crontab.txt -# Randomize update checker time -sed -i "s/59 17/$((1 + RANDOM % 58)) $((12 + RANDOM % 8))/" /crontab.txt -/usr/bin/crontab /crontab.txt - -/usr/sbin/crond + /usr/sbin/crond #migrate Database if needed: -gravityDBfile=$(getFTLConfigValue files.gravity) -if [ -n "${SKIPGRAVITYONBOOT}" ]; then - if [ -f "${gravityDBfile}" ]; then - #skip set + file =>update if needed - echo " Skipping Gravity Database Update." - # TODO: Revist this path if we move to a multistage build - source /etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh - upgrade_gravityDB "${gravityDBfile}" "/etc/pihole" - else - #skip set + nofile => pihole -g (install error) - echo " SKIPGRAVITYONBOOT is set, however ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate." - echo " Ignoring SKIPGRAVITYONBOOT on this occasion." - pihole -g - fi -else - #skip not set + no file => error => create file - #skip not set + file => update db + lists - pihole -g -fi + gravityDBfile=$(getFTLConfigValue files.gravity) + if [ -n "${SKIPGRAVITYONBOOT}" ]; then + if [ -f "${gravityDBfile}" ]; then + #skip set + file =>update if needed + echo " Skipping Gravity Database Update." + # TODO: Revist this path if we move to a multistage build + source /etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh + upgrade_gravityDB "${gravityDBfile}" "/etc/pihole" + else + #skip set + nofile => pihole -g (install error) + echo " SKIPGRAVITYONBOOT is set, however ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate." + echo " Ignoring SKIPGRAVITYONBOOT on this occasion." + pihole -g + fi + else + echo " Skipping Gravity Database Update." + fi -pihole updatechecker + pihole updatechecker -# Start FTL. TODO: We need to either mock the service file or update the pihole script in the main repo to restart FTL if no init system is present -sh /opt/pihole/pihole-FTL-prestart.sh -capsh --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null" & + # Start pihole-FTL -tail -f /var/log/pihole-FTL.log + sh /opt/pihole/pihole-FTL-prestart.sh + capsh --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null" & -# Notes on above: -# - DNSMASQ_USER default of pihole is in Dockerfile & can be overwritten by runtime container env -# - /var/log/pihole/pihole*.log has FTL's output that no-daemon would normally print in FG too -# prevent duplicating it in docker logs by sending to dev null + tail -f /var/log/pihole-FTL.log & + + # https://stackoverflow.com/a/49511035 + wait $! + # Notes on above: + # - DNSMASQ_USER default of pihole is in Dockerfile & can be overwritten by runtime container env + # - /var/log/pihole/pihole*.log has FTL's output that no-daemon would normally print in FG too + # prevent duplicating it in docker logs by sending to dev null + +} + +stop() { + # Ensure pihole-FTL shuts down cleanly on SIGTERM/SIGINT + ftl_pid=$(pgrep pihole-FTL) + killall --signal 15 pihole-FTL + + # Wait for pihole-FTL to exit + while test -d /proc/"${ftl_pid}"; do + sleep 0.5 + done + + exit +} + +start From 3cebec93446c4d56c691ebc08e4a0081bad16f2b Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 28 Jul 2023 18:25:38 +0100 Subject: [PATCH 072/175] Add tini anyway (see `tini + bash 4.x at https://ahmet.im/blog/minimal-init-process-for-containers/) bash isn't going anywhere for the time being Signed-off-by: Adam Warner --- src/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Dockerfile b/src/Dockerfile index 0710c74..7acef85 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -28,6 +28,7 @@ RUN apk add --no-cache \ psmisc \ shadow \ sudo \ + tini \ tzdata \ unzip \ wget @@ -71,4 +72,4 @@ COPY --chmod=0755 start.sh /usr/bin/start.sh HEALTHCHECK CMD dig +short +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1 -ENTRYPOINT [ "start.sh" ] +ENTRYPOINT ["/bin/tini", "--", "start.sh"] From 94795db7e9b4c8671de50668d584a0b0155b3eef Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 28 Jul 2023 20:34:43 +0100 Subject: [PATCH 073/175] correct tini path Signed-off-by: Adam Warner --- src/Dockerfile | 2 +- src/start.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index 7acef85..81f88d9 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -72,4 +72,4 @@ COPY --chmod=0755 start.sh /usr/bin/start.sh HEALTHCHECK CMD dig +short +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1 -ENTRYPOINT ["/bin/tini", "--", "start.sh"] +ENTRYPOINT ["/sbin/tini", "--", "start.sh"] diff --git a/src/start.sh b/src/start.sh index 455c317..0563cf3 100644 --- a/src/start.sh +++ b/src/start.sh @@ -104,7 +104,7 @@ start() { if [ -f "${gravityDBfile}" ]; then #skip set + file =>update if needed echo " Skipping Gravity Database Update." - # TODO: Revist this path if we move to a multistage build + # TODO: Revisit this path if we move to a multistage build source /etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh upgrade_gravityDB "${gravityDBfile}" "/etc/pihole" else From 696895fa59223b29228fb0f05e9ca0b0cda963a4 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 9 Aug 2023 22:13:28 +0100 Subject: [PATCH 074/175] Fix some broken logic in the gravity skip code (I should have read it better) Signed-off-by: Adam Warner --- src/bash_functions.sh | 4 +++- src/start.sh | 30 ++++++++++++++++-------------- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/src/bash_functions.sh b/src/bash_functions.sh index 89a47a9..17eface 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -52,7 +52,9 @@ ensure_basic_configuration() { # chown pihole:root "${PI_HOLE_BIN_DIR}/pihole" mkdir -p /etc/pihole - echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" >> /etc/pihole/adlists.list + if [[ ! -f /etc/pihole/adlists.list ]]; then + echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" > /etc/pihole/adlists.list + fi chown -R pihole:pihole /etc/pihole diff --git a/src/start.sh b/src/start.sh index 0563cf3..47c702f 100644 --- a/src/start.sh +++ b/src/start.sh @@ -98,24 +98,26 @@ start() { /usr/sbin/crond -#migrate Database if needed: + #migrate Database if needed: gravityDBfile=$(getFTLConfigValue files.gravity) - if [ -n "${SKIPGRAVITYONBOOT}" ]; then - if [ -f "${gravityDBfile}" ]; then - #skip set + file =>update if needed - echo " Skipping Gravity Database Update." - # TODO: Revisit this path if we move to a multistage build - source /etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh - upgrade_gravityDB "${gravityDBfile}" "/etc/pihole" - else - #skip set + nofile => pihole -g (install error) + + if [ ! -f "${gravityDBfile}" ]; then + if [ -n "${SKIPGRAVITYONBOOT}" ]; then echo " SKIPGRAVITYONBOOT is set, however ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate." echo " Ignoring SKIPGRAVITYONBOOT on this occasion." - pihole -g - fi - else - echo " Skipping Gravity Database Update." + unset SKIPGRAVITYONBOOT fi + else + # TODO: Revisit this path if we move to a multistage build + source /etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh + upgrade_gravityDB "${gravityDBfile}" "/etc/pihole" + fi + + if [ -n "${SKIPGRAVITYONBOOT}" ]; then + echo " Skipping Gravity Database Update." + else + pihole -g + fi pihole updatechecker From b41d50b94fca1cb34e9fc26fda6806ea64bf8272 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 9 Aug 2023 22:57:35 +0100 Subject: [PATCH 075/175] Remove volume mount from tests, this causes issues with gravity not being able to read an adlist file symlinked to /dev/null Signed-off-by: Adam Warner --- test/tests/conftest.py | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/test/tests/conftest.py b/test/tests/conftest.py index 1399160..bbb2df8 100644 --- a/test/tests/conftest.py +++ b/test/tests/conftest.py @@ -35,19 +35,14 @@ def run_and_stream_command_output(): return run_and_stream_command_output_inner -@pytest.fixture() -def args_volumes(): - return "-v /dev/null:/etc/pihole/adlists.list" - - @pytest.fixture() def args_env(): return '-e TZ="Europe/London"' @pytest.fixture() -def args(args_volumes, args_env): - return "{} {}".format(args_volumes, args_env) +def args(args_env): + return "{}".format(args_env) @pytest.fixture() From 374f6f2537a63bd00685de430fcb0208479aebb3 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 9 Aug 2023 23:31:39 +0100 Subject: [PATCH 076/175] Add in a test to kill start.sh and then ensure that pihole-FTL is gracefully exited. We add in some sleeps to ensure that the log file is being written to before we check it Log entry tests are based on many different passes of running this locally with all sorts of timeouts and sleeps, this seems to be the most consistent Signed-off-by: Adam Warner --- src/bash_functions.sh | 7 +++++-- src/start.sh | 6 ++++++ test/tests/test_general.py | 17 +++++++++++++++++ 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/src/bash_functions.sh b/src/bash_functions.sh index 17eface..1911bea 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -52,9 +52,12 @@ ensure_basic_configuration() { # chown pihole:root "${PI_HOLE_BIN_DIR}/pihole" mkdir -p /etc/pihole - if [[ ! -f /etc/pihole/adlists.list ]]; then - echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" > /etc/pihole/adlists.list + if [[ -z "${PYTEST}" ]]; then + if [[ ! -f /etc/pihole/adlists.list ]]; then + echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" >/etc/pihole/adlists.list + fi fi + chown -R pihole:pihole /etc/pihole diff --git a/src/start.sh b/src/start.sh index 47c702f..1e293b0 100644 --- a/src/start.sh +++ b/src/start.sh @@ -147,6 +147,12 @@ stop() { sleep 0.5 done + # If we are running pytest, keep the container alive for a little longer + # to allow the tests to complete + if [[ ${PYTEST} ]]; then + sleep 10 + fi + exit } diff --git a/test/tests/test_general.py b/test/tests/test_general.py index 47d6e2a..a0f5398 100644 --- a/test/tests/test_general.py +++ b/test/tests/test_general.py @@ -11,3 +11,20 @@ def test_pihole_uid_env_var(docker): def test_pihole_gid_env_var(docker): func = docker.run("id -g pihole") assert "456" in func.stdout + + +# We immediately remove the adlists.list file so that gravity does not attempt to download a default list +# Wait 5 seconds for gravity to finish, then kill the start.sh script +# Finally, tail the FTL log to see if it shuts down cleanly +@pytest.mark.parametrize("test_args", ['-e "PH_VERBOSE=1"']) +def test_pihole_ftl_clean_shutdown(docker): + func = docker.run( + """ + sleep 5 + killall --signal 15 start.sh + sleep 5 + tail -f /var/log/pihole-FTL.log + """ + ) + assert "INFO: Shutting down... // exit code 0 // jmpret 0" in func.stdout + assert "INFO: ########## FTL terminated after" in func.stdout From 7e4de03a1ffa146e9a7c747ba8139229b3bbdc4a Mon Sep 17 00:00:00 2001 From: Adam Monsen Date: Tue, 22 Aug 2023 16:36:39 -0700 Subject: [PATCH 077/175] add EUPL license I copied this file from https://github.com/pi-hole/pi-hole --- LICENSE | 146 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 146 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..9ce6e5b --- /dev/null +++ b/LICENSE @@ -0,0 +1,146 @@ +Copyright (C) 2017 Pi-hole, LLC (https://pi-hole.net) +Pi-hole Core + +This software is licensed under the European Union Public License (EUPL) +The license is available in the 22 official languages of the EU. The English version is included here. +Please see https://joinup.ec.europa.eu/community/eupl/og_page/eupl for official translations of the other languages. + +This license applies to the whole project EXCEPT: + + - any commits made to the master branch prior to the release of version 3.0 + +The licenses that existed prior to this change have remained intact. + +------------------------------------------------------------- +EUROPEAN UNION PUBLIC LICENCE v. 1.2 + +EUPL © the European Union 2007, 2016 + +This European Union Public Licence (the EUPL) applies to the Work (as defined below) which is provided under the terms of this Licence. Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such use is covered by a right of the copyright holder of the Work). +The Work is provided under the terms of this Licence when the Licensor (as defined below) has placed the following notice immediately following the copyright notice for the Work: +Licensed under the EUPL +or has expressed by any other means his willingness to license under the EUPL. + +1. Definitions + +In this Licence, the following terms have the following meaning: + +- The Licence: this Licence. +- The Original Work: the work or software distributed or communicated by the Licensor under this Licence, available as Source Code and also as Executable Code as the case may be. +- Derivative Works: the works or software that could be created by the Licensee, based upon the Original Work or modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in the country mentioned in Article 15. +- The Work: the Original Work or its Derivative Works. +- The Source Code: the human-readable form of the Work which is the most convenient for people to study and modify. +- The Executable Code: any code which has generally been compiled and which is meant to be interpreted by a computer as a program. +- The Licensor: the natural or legal person that distributes or communicates the Work under the Licence. +- Contributor(s): any natural or legal person who modifies the Work under the Licence, or otherwise contributes to the creation of a Derivative Work. +- The Licensee or You: any natural or legal person who makes any usage of the Work under the terms of the Licence. +- Distribution or Communication: any act of selling, giving, lending, renting, distributing, communicating, transmitting, or otherwise making available, online or offline, copies of the Work or providing access to its essential functionalities at the disposal of any other natural or legal person. + +2. Scope of the rights granted by the Licence + +The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, sublicensable licence to do the following, for the duration of copyright vested in the Original Work: +- use the Work in any circumstance and for all usage, +- reproduce the Work, +- modify the Work, and make Derivative Works based upon the Work, +- communicate to the public, including the right to make available or display the Work or copies thereof to the public and perform publicly, as the case may be, the Work, +- distribute the Work or copies thereof, +- lend and rent the Work or copies thereof, +- sublicense rights in the Work or copies thereof. +Those rights can be exercised on any media, supports and formats, whether now known or later invented, as far as the applicable law permits so. +In the countries where moral rights apply, the Licensor waives his right to exercise his moral right to the extent allowed by law in order to make effective the licence of the economic rights here above listed. +The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to any patents held by the Licensor, to the extent necessary to make use of the rights granted on the Work under this Licence. + +3. Communication of the Source Code + +The Licensor may provide the Work either in its Source Code form, or as Executable Code. If the Work is provided as Executable Code, the Licensor provides in addition a machine-readable copy of the Source Code of the Work along with each copy of the Work that the Licensor distributes or indicates, in a notice following the copyright notice attached to the Work, a repository where the Source Code is easily and freely accessible for as long as the Licensor continues to distribute or communicate the Work. + +4. Limitations on copyright + +Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the exclusive rights of the rights owners in the Work, of the exhaustion of those rights or of other applicable limitations thereto. + +5. Obligations of the Licensee + +The grant of the rights mentioned above is subject to some restrictions and obligations imposed on the Licensee. Those obligations are the following: + +Attribution right: The Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to the Licence and to the disclaimer of warranties. The Licensee must include a copy of such notices and a copy of the Licence with every copy of the Work he/she distributes or communicates. The Licensee must cause any Derivative Work to carry prominent notices stating that the Work has been modified and the date of modification. + +Copyleft clause: If the Licensee distributes or communicates copies of the Original Works or Derivative Works, this Distribution or Communication will be done under the terms of this Licence or of a later version of this Licence unless the Original Work is expressly distributed only under this version of the Licence - for example by communicating EUPL v. 1.2 only. The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the Work or Derivative Work that alter or restrict the terms of the Licence. + +Compatibility clause: If the Licensee Distributes or Communicates Derivative Works or copies thereof based upon both the Work and another work licensed under a Compatible Licence, this Distribution or Communication can be done under the terms of this Compatible Licence. For the sake of this clause, Compatible Licence refers to the licences listed in the appendix attached to this Licence. Should the Licensee's obligations under the Compatible Licence conflict with his/her obligations under this Licence, the obligations of the Compatible Licence shall prevail. + +Provision of Source Code: When distributing or communicating copies of the Work, the Licensee will provide a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available for as long as the Licensee continues to distribute or communicate the Work. + +Legal Protection: This Licence does not grant permission to use the trade names, trademarks, service marks, or names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the copyright notice. + +6. Chain of Authorship + +The original Licensor warrants that the copyright in the Original Work granted hereunder is owned by him/her or licensed to him/her and that he/she has the power and authority to grant the Licence. + +Each Contributor warrants that the copyright in the modifications he/she brings to the Work are owned by him/her or licensed to him/her and that he/she has the power and authority to grant the Licence. + +Each time You accept the Licence, the original Licensor and subsequent Contributors grant You a licence to their contributions to the Work, under the terms of this Licence. + +7. Disclaimer of Warranty + +The Work is a work in progress, which is continuously improved by numerous Contributors. It is not a finished work and may therefore contain defects or bugs inherent to this type of development. +For the above reason, the Work is provided under the Licence on an as is basis and without warranties of any kind concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or errors, accuracy, non-infringement of intellectual property rights other than copyright as stated in Article 6 of this Licence. +This disclaimer of warranty is an essential part of the Licence and a condition for the grant of any rights to the Work. + +8. Disclaimer of Liability + +Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be liable for any direct or indirect, material or moral, damages of any kind, arising out of the Licence or of the use of the Work, including without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, loss of data or any commercial damage, even if the Licensor has been advised of the possibility of such damage. However, the Licensor will be liable under statutory product liability laws as far such laws apply to the Work. + +9. Additional agreements + +While distributing the Work, You may choose to conclude an additional agreement, defining obligations or services consistent with this Licence. However, if accepting obligations, You may act only on your own behalf and on your sole responsibility, not on behalf of the original Licensor or any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against such Contributor by the fact You have accepted any warranty or additional liability. + +10. Acceptance of the Licence + +The provisions of this Licence can be accepted by clicking on an icon I agree placed under the bottom of a window displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of applicable law. Clicking on that icon indicates your clear and irrevocable acceptance of this Licence and all of its terms and conditions. +Similarly, you irrevocably accept this Licence and all of its terms and conditions by exercising any rights granted to You by Article 2 of this Licence, such as the use of the Work, the creation by You of a Derivative Work or the Distribution or Communication by You of the Work or copies thereof. + +11. Information to the public + +In case of any Distribution or Communication of the Work by means of electronic communication by You (for example, by offering to download the Work from a remote location) the distribution channel or media (for example, a website) must at least provide to the public the information requested by the applicable law regarding the Licensor, the Licence and the way it may be accessible, concluded, stored and reproduced by the Licensee. + +12. Termination of the Licence + +The Licence and the rights granted hereunder will terminate automatically upon any breach by the Licensee of the terms of the Licence. +Such a termination will not terminate the licences of any person who has received the Work from the Licensee under the Licence, provided such persons remain in full compliance with the Licence. + +13. Miscellaneous + +Without prejudice of Article 9 above, the Licence represents the complete agreement between the Parties as to the Work. +If any provision of the Licence is invalid or unenforceable under applicable law, this will not affect the validity or enforceability of the Licence as a whole. Such provision will be construed or reformed so as necessary to make it valid and enforceable. +The European Commission may publish other linguistic versions or new versions of this Licence or updated versions of the Appendix, so far this is required and reasonable, without reducing the scope of the rights granted by the Licence. New versions of the Licence will be published with a unique version number. +All linguistic versions of this Licence, approved by the European Commission, have identical value. Parties can take advantage of the linguistic version of their choice. + +14. Jurisdiction + +Without prejudice to specific agreement between parties, +- any litigation resulting from the interpretation of this License, arising between the European Union institutions, bodies, offices or agencies, as a Licensor, and any Licensee, will be subject to the jurisdiction of the Court of Justice of the European Union, as laid down in article 272 of the Treaty on the Functioning of the European Union, +- any litigation arising between other parties and resulting from the interpretation of this License, will be subject to the exclusive jurisdiction of the competent court where the Licensor resides or conducts its primary business. + +15. Applicable Law + +Without prejudice to specific agreement between parties, +- this Licence shall be governed by the law of the European Union Member State where the Licensor has his seat, resides or has his registered office, +- this licence shall be governed by Belgian law if the Licensor has no seat, residence or registered office inside a European Union Member State. + +=== + +Appendix + +Compatible Licences according to Article 5 EUPL are: +- GNU General Public License (GPL) v. 2, v. 3 +- GNU Affero General Public License (AGPL) v. 3 +- Open Software License (OSL) v. 2.1, v. 3.0 +- Eclipse Public License (EPL) v. 1.0 +- CeCILL v. 2.0, v. 2.1 +- Mozilla Public Licence (MPL) v. 2 +- GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3 +- Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for works other than software +- European Union Public Licence (EUPL) v. 1.1, v. 1.2 +- Québec Free and Open-Source Licence - Reciprocity (LiLiQ-R) or Strong Reciprocity (LiLiQ-R+) +- The European Commission may update this Appendix to later versions of the above licences without producing a new version of the EUPL, as long as they provide the rights granted in Article 2 of this Licence and protect the covered Source Code from exclusive appropriation. +- All other changes or additions to this Appendix require the production of a new EUPL version. From 76e09bf15a97fd5a0cf7a13488fe843aa847701b Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 3 Sep 2023 13:02:50 +0100 Subject: [PATCH 078/175] Give users an option to silence the FTL log output by passing in the environment variable TAIL_FTL_LOG with a value of 0. Defaults to enabled (1) Signed-off-by: Adam Warner --- src/start.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/start.sh b/src/start.sh index 1e293b0..1a1c01a 100644 --- a/src/start.sh +++ b/src/start.sh @@ -114,7 +114,7 @@ start() { fi if [ -n "${SKIPGRAVITYONBOOT}" ]; then - echo " Skipping Gravity Database Update." + echo " [i] Skipping Gravity Database Update." else pihole -g fi @@ -126,7 +126,11 @@ start() { sh /opt/pihole/pihole-FTL-prestart.sh capsh --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null" & - tail -f /var/log/pihole-FTL.log & + if [ "${TAIL_FTL_LOG:-1}" -eq 1 ]; then + tail -f /var/log/pihole-FTL.log & + else + echo " [i] FTL log output is disabled. Remove the Environment variable TAIL_FTL_LOG, or set it to 1 to enable FTL log output." + fi # https://stackoverflow.com/a/49511035 wait $! From 9ee27ed2f843bab7f6ab3c86e76b9d6a56503531 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Sep 2023 10:09:31 +0000 Subject: [PATCH 079/175] Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-and-publish.yml | 4 ++-- .github/workflows/build-and-test.yml | 2 +- .github/workflows/codespell.yml | 2 +- .github/workflows/sync-back-to-dev.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 8e6aeb7..d32ba93 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -28,7 +28,7 @@ jobs: container: edge steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Docker meta (Docker Hub and GitHub Container Registry) id: meta @@ -97,7 +97,7 @@ jobs: - build steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Download digests uses: actions/download-artifact@v3 diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 1699d1b..30654c4 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -14,7 +14,7 @@ jobs: platform: [linux/amd64, linux/arm64/v8] steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up QEMU uses: docker/setup-qemu-action@v2 diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index 3239ca5..2f6e519 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -10,7 +10,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Spell-Checking uses: codespell-project/actions-codespell@master diff --git a/.github/workflows/sync-back-to-dev.yml b/.github/workflows/sync-back-to-dev.yml index 70a5c1c..fb0e831 100644 --- a/.github/workflows/sync-back-to-dev.yml +++ b/.github/workflows/sync-back-to-dev.yml @@ -11,7 +11,7 @@ jobs: name: Syncing branches steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v4 - name: Opening pull request run: gh pr create -B dev -H master --title 'Sync master back into development' --body 'Created by Github action' --label 'internal' env: From 48970d8bb7a19784326faa30a181519688d8c45a Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 10 Sep 2023 17:13:33 +0100 Subject: [PATCH 080/175] Quick first pass of Readme update. Probably still needs more work. Can happen as we go Signed-off-by: Adam Warner --- README.md | 61 ++++++++++++++---------------------------- examples/docker_run.sh | 6 ++--- 2 files changed, 23 insertions(+), 44 deletions(-) diff --git a/README.md b/README.md index 7b98b5c..68cb590 100644 --- a/README.md +++ b/README.md @@ -5,18 +5,16 @@

+ ## Upgrade Notes +## !!! THIS VERSION CONTAINS BREAKING CHANGES !!! + +### v[ChangeMeBeforeTagging] has been entirely redesigned from the ground up and contains many breaking changes. Environment variable names have changed, script locations may have changed. Please read the the Readme carefully before proceeding. + +--- - **Using Watchtower? See the [Note on Watchtower](#note-on-watchtower) at the bottom of this readme** -- As of `2023.01`, if you have any modifications for lighttpd via an `external.conf` file, this file now needs to be mapped into `/etc/lighttpd/conf-enabled/whateverfile.conf` instead - -- Due to [a known issue with Docker and libseccomp <2.5](https://github.com/moby/moby/issues/40734), you may run into issues running `2022.04` and later on host systems with an older version of `libseccomp2` ([Such as Debian/Raspbian buster or Ubuntu 20.04](https://pkgs.org/download/libseccomp2), and maybe [CentOS 7](https://pkgs.org/download/libseccomp)). - - The first recommendation is to upgrade your host OS, which will include a more up to date (and fixed) version of `libseccomp`. - - _If you absolutely cannot do this, some users [have reported](https://github.com/pi-hole/docker-pi-hole/issues/1042#issuecomment-1086728157) success in updating `libseccomp2` via backports on debian, or similar via updates on Ubuntu. You can try this workaround at your own risk_ (Note, you may also find that you need the latest `docker.io` (more details [here](https://blog.samcater.com/fix-workaround-rpi4-docker-libseccomp2-docker-20/)) - - Some users [have reported issues](https://github.com/pi-hole/docker-pi-hole/issues/963#issuecomment-1095602502) with using the `--privileged` flag on `2022.04` and above. TL;DR, don't use that mode, and be [explicit with the permitted caps](https://github.com/pi-hole/docker-pi-hole#note-on-capabilities) (if needed) instead ## Quick Start @@ -44,14 +42,14 @@ services: # Volumes store your data between container upgrades volumes: - './etc-pihole:/etc/pihole' - - './etc-dnsmasq.d:/etc/dnsmasq.d' - # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities + # - './etc-dnsmasq.d:/etc/dnsmasq.d' # Only needed if you have some custom configs for dnsmasq + # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities cap_add: - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed restart: unless-stopped ``` 2. Run `docker compose up -d` to build and start pi-hole (Syntax may be `docker-compose` on older systems) -3. Use the Pi-hole web UI to change the DNS settings *Interface listening behavior* to "Listen on all interfaces, permit all origins", if using Docker's default `bridge` network setting. (This can also be achieved by setting the environment variable `DNSMASQ_LISTENING` to `all`) +3. If using Docker's default `bridge` network setting, set the environment variable `FTLCONF_dns_listeningMode` to `all` [Here is an equivalent docker run script](https://github.com/pi-hole/docker-pi-hole/blob/master/examples/docker_run.sh). @@ -59,7 +57,7 @@ services: A [Docker](https://www.docker.com/what-docker) project to make a lightweight x86 and ARM container with [Pi-hole](https://pi-hole.net) functionality. -1) Install docker for your [x86-64 system](https://www.docker.com/community-edition) or [ARMv7 system](https://www.raspberrypi.org/blog/docker-comes-to-raspberry-pi/) using those links. [Docker-compose](https://docs.docker.com/compose/install/) is also recommended. +1) Install Docker. [Docker-compose](https://docs.docker.com/compose/install/) is also recommended. 2) Use the above quick start example, customize if desired. 3) Enjoy! @@ -73,14 +71,11 @@ If you're using a Red Hat based distribution with an SELinux Enforcing policy ad ``` -v "$(pwd)/etc-pihole:/etc/pihole:z" \ - -v "$(pwd)/etc-dnsmasq.d:/etc/dnsmasq.d:z" \ ``` -Volumes are recommended for persisting data across container re-creations for updating images. The IP lookup variables may not work for everyone, please review their values and hard code IP and IPv6 if necessary. +Volumes are recommended for persisting data across container re-creations for updating images. -You can customize where to store persistent data by setting the `PIHOLE_BASE` environment variable when invoking `docker_run.sh` (e.g. `PIHOLE_BASE=/opt/pihole-storage ./docker_run.sh`). If `PIHOLE_BASE` is not set, files are stored in your current directory when you invoke the script. - -**Automatic Ad List Updates** - since the 3.0+ release, `cron` is baked into the container and will grab the newest versions of your lists and flush your logs. **Set your TZ** environment variable to make sure the midnight log rotation syncs up with your timezone's midnight. +**Automatic Ad List Updates** - `cron` is baked into the container and will grab the newest versions of your lists and flush your logs. This happens once per week in the small hours of Sunday morning. ## Running DHCP from Docker Pi-Hole @@ -95,37 +90,30 @@ There are other environment variables if you want to customize various things in | Variable | Default | Value | Description | | -------- | ------- | ----- | ---------- | | `TZ` | UTC | `` | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight. -| `WEBPASSWORD` | random | `` | http://pi.hole/admin password. Run `docker logs pihole \| grep random` to find your random pass. +| `FTLCONF_webserver_api_password` | random | `` | http://pi.hole/admin password. Run `docker logs pihole \| grep random` to find your random pass. | `FTLCONF_dns_upstreams` | `8.8.8.8;8.8.4.4` | IPs delimited by `;` | Upstream DNS server(s) for Pi-hole to forward queries to, separated by a semicolon
(supports non-standard ports with `#[port number]`) e.g `127.0.0.1#5053;8.8.8.8;8.8.4.4`
(supports [Docker service names and links](https://docs.docker.com/compose/networking/) instead of IPs) e.g `upstream0;upstream1` where `upstream0` and `upstream1` are the service names of or links to docker services
Note: The existence of this environment variable assumes this as the _sole_ management of upstream DNS. Upstream DNS added via the web interface will be overwritten on container restart/recreation | -| `FTLCONF_LOCAL_IPV4` | unset | `` | Set to your server's LAN IP, used by web block modes. ### Optional Variables | Variable | Default | Value | Description | | -------- | ------- | ----- | ---------- | -| `VIRTUAL_HOST` | `${HOSTNAME}` | `` | What your web server 'virtual host' is, accessing admin through this Hostname/IP allows you to make changes to the whitelist / blacklists in addition to the default 'http://pi.hole/admin/' address -| `IPv6` | `true` | `<"true"\|"false">` | For unraid compatibility, strips out all the IPv6 configuration from DNS/Web services when false. -| `QUERY_LOGGING` | `true` | `<"true"\|"false">` | Enable query logging or not. -| `WEBPASSWORD_FILE`| unset | `` |Set an Admin password using [Docker secrets](https://docs.docker.com/engine/swarm/secrets/). If `WEBPASSWORD` is set, `WEBPASSWORD_FILE` is ignored. If `WEBPASSWORD` is empty, and `WEBPASSWORD_FILE` is set to a valid readable file path, then `WEBPASSWORD` will be set to the contents of `WEBPASSWORD_FILE`. +| `TAIL_FTL_LOG` | unset | `` | Whether or not to output the FTL log when running the. Useful for debugging/watching what FTL is doing. ### Advanced Variables | Variable | Default | Value | Description | | -------- | ------- | ----- | ---------- | -| `WEB_BIND_ADDR` | unset | `` | Lighttpd's bind address. If left unset lighttpd will bind to every interface, except when running in host networking mode where it will use `FTLCONF_LOCAL_IPV4` instead. | `SKIPGRAVITYONBOOT` | unset | `` | Use this option to skip updating the Gravity Database when booting up the container. By default this environment variable is not set so the Gravity Database will be updated when the container starts up. Setting this environment variable to 1 (or anything) will cause the Gravity Database to not be updated when container starts up. -| `CORS_HOSTS` | unset | `` | List of domains/subdomains on which CORS is allowed. Wildcards are not supported. Eg: `CORS_HOSTS: domain.com,home.domain.com,www.domain.com`. | `FTL_CMD` | `no-daemon` | `no-daemon -- ` | Customize the options with which dnsmasq gets started. e.g. `no-daemon -- --dns-forward-max 300` to increase max. number of concurrent dns queries on high load setups. | -| `FTLCONF_[SETTING]` | unset | As per documentation | Customize pihole-FTL.conf with settings described in the [FTLDNS Configuration page](https://docs.pi-hole.net/ftldns/configfile/). For example, to customize LOCAL_IPV4, ensure you have the `FTLCONF_LOCAL_IPV4` environment variable set. +| `FTLCONF_[SETTING]` | unset | As per documentation | Customize pihole-FTL.conf with settings described in the . Replace `.` with `_`, e.g for `dns.dnssec=true` use `FTLCONF_dns_dnssec: 'true'` +| `PIHOLE_UID` | `999` | Number | Overrides image's default pihole user id to match a host user id
**IMPORTANT**: id must not already be in use inside the container! | +| `PIHOLE_GID` | `999` | Number | Overrides image's default pihole group id to match a host group id
**IMPORTANT**: id must not already be in use inside the container!| +| `DNSMASQ_USER` | unset | `` | Allows changing the user that FTLDNS runs as. Default: `pihole`, some systems such as Synology NAS may require you to change this to `root` (See [#963](https://github.com/pi-hole/docker-pi-hole/issues/963)) | ### Experimental Variables | Variable | Default | Value | Description | | -------- | ------- | ----- | ---------- | -| `DNSMASQ_USER` | unset | `` | Allows changing the user that FTLDNS runs as. Default: `pihole`, some systems such as Synology NAS may require you to change this to `root` (See [#963](https://github.com/pi-hole/docker-pi-hole/issues/963)) | -| `PIHOLE_UID` | `999` | Number | Overrides image's default pihole user id to match a host user id
**IMPORTANT**: id must not already be in use inside the container! | -| `PIHOLE_GID` | `999` | Number | Overrides image's default pihole group id to match a host group id
**IMPORTANT**: id must not already be in use inside the container!| -| `WEB_UID` | `33` | Number | Overrides image's default www-data user id to match a host user id
**IMPORTANT**: id must not already be in use inside the container! (Make sure it is different to `PIHOLE_UID` if you are using that, also)| -| `WEB_GID` | `33` | Number | Overrides image's default www-data group id to match a host group id
**IMPORTANT**: id must not already be in use inside the container! (Make sure it is different to `PIHOLE_GID` if you are using that, also)| -| `WEBLOGS_STDOUT` | 0 | 0|1 | 0 logs to defined files, 1 redirect access and error logs to stdout | +|Left Blank for future expansion| | | | + To use these env vars in docker run format style them like: `-e DNS1=1.1.1.1` @@ -136,7 +124,6 @@ Here is a rundown of other arguments for your docker-compose / docker run. | `-p :` **Recommended** | Ports to expose (53, 80, 67), the bare minimum ports required for Pi-holes HTTP and DNS services | `--restart=unless-stopped`
**Recommended** | Automatically (re)start your Pi-hole on boot or in the event of a crash | `-v $(pwd)/etc-pihole:/etc/pihole`
**Recommended** | Volumes for your Pi-hole configs help persist changes across docker image updates -| `-v $(pwd)/etc-dnsmasq.d:/etc/dnsmasq.d`
**Recommended** | Volumes for your dnsmasq configs help persist changes across docker image updates | `--net=host`
*Optional* | Alternative to `-p :` arguments (Cannot be used at same time as -p) if you don't run any other web application. DHCP runs best with --net=host, otherwise your router must support dhcp-relay settings. | `--cap-add=NET_ADMIN`
*Recommended* | Commonly added capability for DHCP, see [Note on Capabilities](#note-on-capabilities) below for other capabilities. | `--dns=127.0.0.1`
*Optional* | Sets your container's resolve settings to localhost so it can resolve DHCP hostnames from Pi-hole's DNSMasq, may fix resolution errors on container restart. @@ -234,14 +221,6 @@ We install all pihole utilities so the the built in [pihole commands](https://di The webserver and DNS service inside the container can be customized if necessary. Any configuration files you volume mount into `/etc/dnsmasq.d/` will be loaded by dnsmasq when the container starts or restarts or if you need to modify the Pi-hole config it is located at `/etc/dnsmasq.d/01-pihole.conf`. The docker start scripts runs a config test prior to starting so it will tell you about any errors in the docker log. -Similarly for the webserver you can customize configs in /etc/lighttpd - -### Systemd init script - -As long as your docker system service auto starts on boot and you run your container with `--restart=unless-stopped` your container should always start on boot and restart on crashes. If you prefer to have your docker container run as a systemd service instead, add the file [pihole.service](https://raw.githubusercontent.com/pi-hole/docker-pi-hole/master/examples/pihole.service) to "/etc/systemd/system"; customize whatever your container name is and remove `--restart=unless-stopped` from your docker run. Then after you have initially created the docker container using the docker run command above, you can control it with "systemctl start pihole" or "systemctl stop pihole" (instead of `docker start`/`docker stop`). You can also enable it to auto-start on boot with "systemctl enable pihole" (as opposed to `--restart=unless-stopped` and making sure docker service auto-starts on boot). - -NOTE: After initial run you may need to manually stop the docker container with "docker stop pihole" before the systemctl can start controlling the container. - ## Note on Capabilities DNSMasq / [FTLDNS](https://docs.pi-hole.net/ftldns/in-depth/#linux-capabilities) expects to have the following capabilities available: diff --git a/examples/docker_run.sh b/examples/docker_run.sh index 8c75e7b..68df5db 100755 --- a/examples/docker_run.sh +++ b/examples/docker_run.sh @@ -2,6 +2,9 @@ # https://github.com/pi-hole/docker-pi-hole/blob/master/README.md +# You can customize where to store persistent data by setting the `PIHOLE_BASE` environment +# variable when invoking `docker_run.sh` (e.g. `PIHOLE_BASE=/opt/pihole-storage ./docker_run.sh`). +# If `PIHOLE_BASE` is not set, files are stored in your current directory when you invoke the script. PIHOLE_BASE="${PIHOLE_BASE:-$(pwd)}" [[ -d "$PIHOLE_BASE" ]] || mkdir -p "$PIHOLE_BASE" || { echo "Couldn't create storage directory: $PIHOLE_BASE"; exit 1; } @@ -16,9 +19,6 @@ docker run -d \ --dns=127.0.0.1 --dns=1.1.1.1 \ --restart=unless-stopped \ --hostname pi.hole \ - -e VIRTUAL_HOST="pi.hole" \ - -e PROXY_LOCATION="pi.hole" \ - -e FTLCONF_LOCAL_IPV4="127.0.0.1" \ pihole/pihole:latest printf 'Starting up pihole container ' From 0704f06cd8c2cd8f26d71257f6165df7bf1e9950 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 10 Sep 2023 20:42:10 +0100 Subject: [PATCH 081/175] Update src/start.sh Co-authored-by: yubiuser Signed-off-by: Adam Warner --- src/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/start.sh b/src/start.sh index 1a1c01a..1666fdd 100644 --- a/src/start.sh +++ b/src/start.sh @@ -127,7 +127,7 @@ start() { capsh --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null" & if [ "${TAIL_FTL_LOG:-1}" -eq 1 ]; then - tail -f /var/log/pihole-FTL.log & + tail -f /var/log/pihole/FTL.log & else echo " [i] FTL log output is disabled. Remove the Environment variable TAIL_FTL_LOG, or set it to 1 to enable FTL log output." fi From aa44c5a44b930395ad893b75a935d162790ad5ae Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Sep 2023 10:35:24 +0000 Subject: [PATCH 082/175] Bump docker/setup-qemu-action from 2 to 3 Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-and-publish.yml | 2 +- .github/workflows/build-and-test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index d32ba93..8d22f1b 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -51,7 +51,7 @@ jobs: ghcr_password: ${{ secrets.GITHUB_TOKEN }} - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 with: platforms: ${{ matrix.platform}} - name: Set up Docker Buildx diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 30654c4..6bc7819 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -17,7 +17,7 @@ jobs: uses: actions/checkout@v4 - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 with: platforms: ${{ matrix.platform}} From e4a46df21a2493c35dd292bb1128cac8646b7d2d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Sep 2023 13:16:45 +0000 Subject: [PATCH 083/175] Bump docker/setup-buildx-action from 2 to 3 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-and-publish.yml | 4 ++-- .github/workflows/build-and-test.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 8d22f1b..a2db0b1 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -55,7 +55,7 @@ jobs: with: platforms: ${{ matrix.platform}} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Build container and push by digest (${{ matrix.registry }}) id: build @@ -106,7 +106,7 @@ jobs: path: /tmp/digests - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Login to DockerHub and GitHub Container Registry uses: ./.github/actions/login-repo diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 6bc7819..a087d2b 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -22,7 +22,7 @@ jobs: platforms: ${{ matrix.platform}} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Run Tests run: | From 71b8d50c55c1f640a08de00bdaae82a00fa63c50 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Sep 2023 13:21:39 +0000 Subject: [PATCH 084/175] Bump docker/build-push-action from 4 to 5 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 5. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v4...v5) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-and-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index a2db0b1..ad55f09 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -59,7 +59,7 @@ jobs: - name: Build container and push by digest (${{ matrix.registry }}) id: build - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: ./src/ platforms: ${{ matrix.platform }} From 57957574d23165ba05515fb3ffbd3f57d361f5ad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Sep 2023 13:28:14 +0000 Subject: [PATCH 085/175] Bump docker/metadata-action from 4 to 5 Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4 to 5. - [Release notes](https://github.com/docker/metadata-action/releases) - [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md) - [Commits](https://github.com/docker/metadata-action/compare/v4...v5) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-and-publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index ad55f09..1ea7e29 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -32,7 +32,7 @@ jobs: - name: Docker meta (Docker Hub and GitHub Container Registry) id: meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v5 with: github-token: ${{ secrets.GITHUB_TOKEN }} images: | @@ -118,7 +118,7 @@ jobs: - name: Docker meta (Docker Hub and GitHub Container Registry) id: meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v5 with: github-token: ${{ secrets.GITHUB_TOKEN }} images: | From 672797b2292283e895df2abf086557b4fb5cda85 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 3 Sep 2023 13:21:00 +0100 Subject: [PATCH 086/175] Remove the "INSTALL_DEV_TOOLS" environment variable in favour of "ADDITIONAL_PACKAGES", to allow user to add any package they wish to the container. Will be mentioned in README with a HERE BE DRAGONS warning. Signed-off-by: Adam Warner --- src/start.sh | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/src/start.sh b/src/start.sh index 1e293b0..e5c96cb 100644 --- a/src/start.sh +++ b/src/start.sh @@ -78,9 +78,19 @@ start() { echo " [i] pihole-FTL ($FTL_CMD) will be started as ${DNSMASQ_USER}" echo "" - # Install editors inside container if requested - if [ "${INSTALL_DEV_TOOLS:-0}" -gt 0 ]; then - apk add --no-cache nano less + # Install additional packages inside the container if requested + if [ -n "${ADDITIONAL_PACKAGES}" ]; then + echo " [i] Fetching APK repository metadata." + if ! apk update; then + echo " [i] Failed to fetch APK repository metadata." + else + echo " [i] Installing additional packages." + # shellcheck disable=SC2086 + if ! apk add --no-cache ${ADDITIONAL_PACKAGES}; then + echo " [i] Failed to install additional packages." + fi + fi + echo "" fi # Remove possible leftovers from previous pihole-FTL processes From 3ca2aea41c87012b97d68bcc71c8329d7f30b7df Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Thu, 21 Sep 2023 00:03:25 +0100 Subject: [PATCH 087/175] Add documentation Signed-off-by: Adam Warner --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 68cb590..787b029 100644 --- a/README.md +++ b/README.md @@ -112,7 +112,7 @@ There are other environment variables if you want to customize various things in ### Experimental Variables | Variable | Default | Value | Description | | -------- | ------- | ----- | ---------- | -|Left Blank for future expansion| | | | +| `ADDITIONAL_PACKAGES`| unset | Comma separated list of APKs | HERE BE DRAGONS. Mostly for development purposes, this just makes it easier for those of us that always like to have whatever additional tools we need inside the container for debugging | To use these env vars in docker run format style them like: `-e DNS1=1.1.1.1` From b893784c09d86a96f00902f557041b211d994ff8 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 25 Sep 2023 17:27:16 +0100 Subject: [PATCH 088/175] Update README.md Signed-off-by: Adam Warner --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 787b029..3e6ae4e 100644 --- a/README.md +++ b/README.md @@ -112,7 +112,7 @@ There are other environment variables if you want to customize various things in ### Experimental Variables | Variable | Default | Value | Description | | -------- | ------- | ----- | ---------- | -| `ADDITIONAL_PACKAGES`| unset | Comma separated list of APKs | HERE BE DRAGONS. Mostly for development purposes, this just makes it easier for those of us that always like to have whatever additional tools we need inside the container for debugging | +| `ADDITIONAL_PACKAGES`| unset | Space separated list of APKs | HERE BE DRAGONS. Mostly for development purposes, this just makes it easier for those of us that always like to have whatever additional tools we need inside the container for debugging | To use these env vars in docker run format style them like: `-e DNS1=1.1.1.1` From bf12b02636c0938b5b54fa7c348309b93bbd917b Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 25 Sep 2023 20:00:22 +0100 Subject: [PATCH 089/175] Update src/start.sh Co-authored-by: RD WebDesign Signed-off-by: Adam Warner --- src/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/start.sh b/src/start.sh index e5c96cb..a5a150c 100644 --- a/src/start.sh +++ b/src/start.sh @@ -84,7 +84,7 @@ start() { if ! apk update; then echo " [i] Failed to fetch APK repository metadata." else - echo " [i] Installing additional packages." + echo " [i] Installing additional packages: ${ADDITIONAL_PACKAGES}." # shellcheck disable=SC2086 if ! apk add --no-cache ${ADDITIONAL_PACKAGES}; then echo " [i] Failed to install additional packages." From 70118390268033bce98d9219f8292423a2f26ce2 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 27 Sep 2023 18:08:51 +0100 Subject: [PATCH 090/175] Add some information about building a custom image with an alternative component branch Signed-off-by: Adam Warner --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 3e6ae4e..a1f788f 100644 --- a/README.md +++ b/README.md @@ -207,6 +207,12 @@ Why is this style of upgrading good? A couple reasons: Everyone is starting fro To reconfigure Pi-hole you'll either need to use an existing container environment variables or if there is no a variable for what you need, use the web UI or CLI commands. +### Building an image with alternative component branches + +Occaisionally you may need to try an alternative branch of one of the components (`core`,`web`,`ftl`). On bare metal you would run, for example, `pihole checkout core custombranchname`, however in Docker world we have disabled this command as it can cause unpredictable results. + +The preferred method is to clone this repository and rebuild the image with the custom branch name passed in as an arg, e.g `docker buildx build src/. --tag pihole_custom --build-arg CORE_BRANCH=custombranchname --no-cache`, and then redeploy your stack with this new image (In this case you should have a local image named `pihole_custom`, but you can call it whatever you want) + ### Pi-hole features Here are some relevant wiki pages from [Pi-hole's documentation](https://github.com/pi-hole/pi-hole/blob/master/README.md#get-help-or-connect-with-us-on-the-web). The web interface or command line tools can be used to implement changes to pihole. From 4c2d0ab34f62bdef0f521214ad2be653cb491594 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 27 Sep 2023 18:10:34 +0100 Subject: [PATCH 091/175] Add valid args Signed-off-by: Adam Warner --- README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a1f788f..3959f58 100644 --- a/README.md +++ b/README.md @@ -209,10 +209,15 @@ To reconfigure Pi-hole you'll either need to use an existing container environme ### Building an image with alternative component branches -Occaisionally you may need to try an alternative branch of one of the components (`core`,`web`,`ftl`). On bare metal you would run, for example, `pihole checkout core custombranchname`, however in Docker world we have disabled this command as it can cause unpredictable results. +Occasionally you may need to try an alternative branch of one of the components (`core`,`web`,`ftl`). On bare metal you would run, for example, `pihole checkout core custombranchname`, however in Docker world we have disabled this command as it can cause unpredictable results. The preferred method is to clone this repository and rebuild the image with the custom branch name passed in as an arg, e.g `docker buildx build src/. --tag pihole_custom --build-arg CORE_BRANCH=custombranchname --no-cache`, and then redeploy your stack with this new image (In this case you should have a local image named `pihole_custom`, but you can call it whatever you want) +Valid args are: + - `CORE_BRANCH` + - `WEB_BRANCH` + - `FTL_BRANCH` + ### Pi-hole features Here are some relevant wiki pages from [Pi-hole's documentation](https://github.com/pi-hole/pi-hole/blob/master/README.md#get-help-or-connect-with-us-on-the-web). The web interface or command line tools can be used to implement changes to pihole. From 6fa17598143ff7fe9b86887556e037bbc59a0583 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 8 Oct 2023 14:06:35 +0100 Subject: [PATCH 092/175] AdminLTE -> web Signed-off-by: Adam Warner --- README.md | 2 +- src/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3959f58..9df5800 100644 --- a/README.md +++ b/README.md @@ -184,7 +184,7 @@ The Date-based (including incremented "Patch" versions) do not relate to any kin | `2022.04.1` | Second release in a given month | | `dev` | Similar to `latest`, but for the development branch (pushed occasionally) | | `*beta` | Early beta releases of upcoming versions - here be dragons | -| `nightly` | Like `dev` but pushed every night and pulls from the latest `development` branches of the core Pi-hole components (Pi-hole, AdminLTE, FTL) | +| `nightly` | Like `dev` but pushed every night and pulls from the latest `development` branches of the core Pi-hole components (Pi-hole, web, FTL) | ## Upgrading, Persistence, and Customizations diff --git a/src/Dockerfile b/src/Dockerfile index 81f88d9..12fe8de 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -40,7 +40,7 @@ COPY crontab.txt /crontab.txt ADD --chmod=0755 https://raw.githubusercontent.com/pi-hole/PADD/${PADD_BRANCH}/padd.sh /usr/local/bin/padd # download a the main repos from github -RUN git clone --depth 1 --single-branch --branch ${WEB_BRANCH} https://github.com/pi-hole/AdminLTE.git /var/www/html/admin && \ +RUN git clone --depth 1 --single-branch --branch ${WEB_BRANCH} https://github.com/pi-hole/web.git /var/www/html/admin && \ git clone --depth 1 --single-branch --branch ${CORE_BRANCH} https://github.com/pi-hole/pi-hole.git /etc/.pihole ;\ # Download the latest version of pihole-FTL for alpine: if [ "$TARGETPLATFORM" = "linux/amd64" ]; then FTLARCH=amd64; \ From 0489e57d1045e0171b325ea9ebf11ad785158602 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 16 Oct 2023 17:11:11 +0100 Subject: [PATCH 093/175] Add special handling for FTL Config names that have underscores in them Signed-off-by: Adam Warner --- src/bash_functions.sh | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/src/bash_functions.sh b/src/bash_functions.sh index 1911bea..4c0e480 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -127,11 +127,33 @@ apply_FTL_Configs_From_Env(){ # Replace underscores with dots in the name to match pihole-FTL expectiations name="${name//_/.}" - # Special handing for the value if the name is dns.upstreams - if [ "$name" == "dns.upstreams" ]; then - value='["'${value//;/\",\"}'"]' - fi + # Special handling for some FTL Config values + case "$name" in + # Convert the semicolon separated list to a JSON array + "dns.upstreams") + value='["'${value//;/\",\"}'"]' + ;; + # The following config names have an underscore in them, + # so we need to re-convert the dot back to an underscore + "webserver.tls.rev.proxy") + name="webserver.tls.rev_proxy" + ;; + "webserver.api.totp.secret") + name="webserver.api.totp_secret" + ;; + "webserver.api.allow.destructive") + name="webserver.api.allow_destructive" + ;; + "misc.delay.startup") + name="misc.delay_startup" + ;; + "misc.dnsmasq.lines") + name="misc.dnsmasq_lines" + ;; + esac + + # Mask the value if it is a password, else display the value as is if [ "$name" == "webserver.api.password" ]; then masked_value=$(printf "%${#value}s" | tr " " "*") else From 0784964f6008c0d1083fe9b4e0d02e46f8f9670c Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 20 Oct 2023 11:35:43 +0100 Subject: [PATCH 094/175] This is all now handled natively in FTL, no need for the bash Signed-off-by: Adam Warner --- README.md | 3 ++- src/bash_functions.sh | 60 ------------------------------------------- src/start.sh | 2 -- 3 files changed, 2 insertions(+), 63 deletions(-) diff --git a/README.md b/README.md index 9df5800..1446062 100644 --- a/README.md +++ b/README.md @@ -104,7 +104,8 @@ There are other environment variables if you want to customize various things in | -------- | ------- | ----- | ---------- | | `SKIPGRAVITYONBOOT` | unset | `` | Use this option to skip updating the Gravity Database when booting up the container. By default this environment variable is not set so the Gravity Database will be updated when the container starts up. Setting this environment variable to 1 (or anything) will cause the Gravity Database to not be updated when container starts up. | `FTL_CMD` | `no-daemon` | `no-daemon -- ` | Customize the options with which dnsmasq gets started. e.g. `no-daemon -- --dns-forward-max 300` to increase max. number of concurrent dns queries on high load setups. | -| `FTLCONF_[SETTING]` | unset | As per documentation | Customize pihole-FTL.conf with settings described in the . Replace `.` with `_`, e.g for `dns.dnssec=true` use `FTLCONF_dns_dnssec: 'true'` +| `FTLCONF_[SETTING]` | unset | As per documentation | Customize pihole-FTL.conf with settings described in the . Replace `.` with `_`, e.g for `dns.dnssec=true` use `FTLCONF_dns_dnssec: 'true'`| +|`FTLCONF_ENV_ONLY`|unset|``|If set to true, FTL will use default values for all config values unless explicitly set as an environment variable| | `PIHOLE_UID` | `999` | Number | Overrides image's default pihole user id to match a host user id
**IMPORTANT**: id must not already be in use inside the container! | | `PIHOLE_GID` | `999` | Number | Overrides image's default pihole group id to match a host group id
**IMPORTANT**: id must not already be in use inside the container!| | `DNSMASQ_USER` | unset | `` | Allows changing the user that FTLDNS runs as. Default: `pihole`, some systems such as Synology NAS may require you to change this to `root` (See [#963](https://github.com/pi-hole/docker-pi-hole/issues/963)) | diff --git a/src/bash_functions.sh b/src/bash_functions.sh index 4c0e480..5e919e1 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -113,64 +113,6 @@ fix_capabilities() { fi } - - -apply_FTL_Configs_From_Env(){ - # Get all exported environment variables starting with FTLCONF_ as a prefix and call the setFTLConfigValue - # function with the environment variable's suffix as the key. This allows applying any pihole-FTL.conf - # setting defined here: https://docs.pi-hole.net/ftldns/configfile/ - echo "" - echo "==========Applying settings from environment variables==========" - source /opt/pihole/COL_TABLE - declare -px | grep FTLCONF_ | sed -E 's/declare -x FTLCONF_([^=]+)=\"(|.+)\"/\1 \2/' | while read -r name value - do - # Replace underscores with dots in the name to match pihole-FTL expectiations - name="${name//_/.}" - - - # Special handling for some FTL Config values - case "$name" in - # Convert the semicolon separated list to a JSON array - "dns.upstreams") - value='["'${value//;/\",\"}'"]' - ;; - # The following config names have an underscore in them, - # so we need to re-convert the dot back to an underscore - "webserver.tls.rev.proxy") - name="webserver.tls.rev_proxy" - ;; - "webserver.api.totp.secret") - name="webserver.api.totp_secret" - ;; - "webserver.api.allow.destructive") - name="webserver.api.allow_destructive" - ;; - "misc.delay.startup") - name="misc.delay_startup" - ;; - "misc.dnsmasq.lines") - name="misc.dnsmasq_lines" - ;; - esac - - # Mask the value if it is a password, else display the value as is - if [ "$name" == "webserver.api.password" ]; then - masked_value=$(printf "%${#value}s" | tr " " "*") - else - masked_value=$value - fi - - if pihole-FTL --config "${name}" "${value}" > /ftlconfoutput; then - echo " ${TICK} Applied pihole-FTL setting $name=$masked_value" - else - echo " ${CROSS} Error Applying pihole-FTL setting $name=$masked_value" - echo " ${INFO} $(cat /ftlconfoutput)" - fi - done - echo "================================================================" - echo "" -} - setup_FTL_query_logging(){ if [ "${QUERY_LOGGING_OVERRIDE}" == "false" ]; then echo " [i] Disabling Query Logging" @@ -180,10 +122,8 @@ setup_FTL_query_logging(){ echo " [i] Enabling Query Logging" setFTLConfigValue dns.queryLogging true fi - } - load_web_password_secret() { # If WEBPASSWORD is not set at all, attempt to read password from WEBPASSWORD_FILE, # allowing secrets to be passed via docker secrets diff --git a/src/start.sh b/src/start.sh index 49ad304..303a012 100644 --- a/src/start.sh +++ b/src/start.sh @@ -53,8 +53,6 @@ start() { # validate_env || exit 1 ensure_basic_configuration - apply_FTL_Configs_From_Env - # Web interface setup # =========================== # load_web_password_secret From 74657d01a917fe930dfd204db46c6591272fa5ab Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 20 Oct 2023 13:14:08 +0100 Subject: [PATCH 095/175] - Bring back the logic from v5 containers for web password - Update readme to take into accounts changes to FTLs environment variable handling - shell/md linting, tidy away some code that is no longer needed Signed-off-by: Adam Warner --- README.md | 105 ++++++++++++++++---------------- src/bash_functions.sh | 135 +++++++++++++----------------------------- src/start.sh | 38 +++--------- 3 files changed, 106 insertions(+), 172 deletions(-) diff --git a/README.md b/README.md index 1446062..63358da 100644 --- a/README.md +++ b/README.md @@ -5,11 +5,11 @@

- ## Upgrade Notes -## !!! THIS VERSION CONTAINS BREAKING CHANGES !!! -### v[ChangeMeBeforeTagging] has been entirely redesigned from the ground up and contains many breaking changes. Environment variable names have changed, script locations may have changed. Please read the the Readme carefully before proceeding. +## !!! THIS VERSION CONTAINS BREAKING CHANGES + +### v[ChangeMeBeforeTagging] has been entirely redesigned from the ground up and contains many breaking changes. Environment variable names have changed, script locations may have changed. Please read the the Readme carefully before proceeding --- @@ -36,9 +36,10 @@ services: - "53:53/udp" - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server - "80:80/tcp" + - "443:443/tcp" # By default, FTL will generate a self-signed certificate environment: TZ: 'America/Chicago' - # WEBPASSWORD: 'set a secure password here or it will be random' + # FTLCONF_webserver_api_password: 'set a secure password here or it will be random' # Volumes store your data between container upgrades volumes: - './etc-pihole:/etc/pihole' @@ -48,6 +49,7 @@ services: - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed restart: unless-stopped ``` + 2. Run `docker compose up -d` to build and start pi-hole (Syntax may be `docker-compose` on older systems) 3. If using Docker's default `bridge` network setting, set the environment variable `FTLCONF_dns_listeningMode` to `all` @@ -81,43 +83,43 @@ Volumes are recommended for persisting data across container re-creations for up There are multiple different ways to run DHCP from within your Docker Pi-hole container but it is slightly more advanced and one size does not fit all. DHCP and Docker's multiple network modes are covered in detail on our docs site: [Docker DHCP and Network Modes](https://docs.pi-hole.net/docker/DHCP/) -## Environment Variables +## Configuration -There are other environment variables if you want to customize various things inside the docker container: +It is recommended that you use environment variables to configure the Pi-hole docker container (more details below), however if you are persisting your `/etc/pihole` directory, you may also set them via the web interface or by directly editing `pihole.toml` -### Recommended Variables +### Web interface password + +To set a specific password for the web interface, use the environment variable `FTLCONF_webserver_api_password`. If this variable is not detected, and you have not already set one via `pihole setpassword` in the container, then a random password will be assigned on startup, this will be printed to the log. Run `docker logs pihole | grep random` to find it. + +To explicitly set no password, set `FTLCONF_webserver_api_password: ''` + +### Recommended Environment Variables | Variable | Default | Value | Description | | -------- | ------- | ----- | ---------- | | `TZ` | UTC | `` | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight. -| `FTLCONF_webserver_api_password` | random | `` | http://pi.hole/admin password. Run `docker logs pihole \| grep random` to find your random pass. -| `FTLCONF_dns_upstreams` | `8.8.8.8;8.8.4.4` | IPs delimited by `;` | Upstream DNS server(s) for Pi-hole to forward queries to, separated by a semicolon
(supports non-standard ports with `#[port number]`) e.g `127.0.0.1#5053;8.8.8.8;8.8.4.4`
(supports [Docker service names and links](https://docs.docker.com/compose/networking/) instead of IPs) e.g `upstream0;upstream1` where `upstream0` and `upstream1` are the service names of or links to docker services
Note: The existence of this environment variable assumes this as the _sole_ management of upstream DNS. Upstream DNS added via the web interface will be overwritten on container restart/recreation | +| `FTLCONF_webserver_api_password` | random | `` | password. Run `docker logs pihole \| grep random` to find your random pass. +| `FTLCONF_dns_upstreams` | `8.8.8.8,8.8.4.4` | IPs delimited by `,` | Upstream DNS server(s) for Pi-hole to forward queries to, separated by a semicolon
(supports non-standard ports with `#[port number]`) e.g `127.0.0.1#5053,8.8.8.8,8.8.4.4`
(supports [Docker service names and links](https://docs.docker.com/compose/networking/) instead of IPs) e.g `upstream0,upstream1` where `upstream0` and `upstream1` are the service names of or links to docker services
Note: The existence of this environment variable assumes this as the _sole_ management of upstream DNS. Upstream DNS added via the web interface will be overwritten on container restart/recreation | ### Optional Variables | Variable | Default | Value | Description | | -------- | ------- | ----- | ---------- | | `TAIL_FTL_LOG` | unset | `` | Whether or not to output the FTL log when running the. Useful for debugging/watching what FTL is doing. +| `SKIPGRAVITYONBOOT` | unset | `` | Use this option to skip updating the Gravity Database when booting up the container. By default this environment variable is not set so the Gravity Database will be updated when the container starts up. Setting this environment variable to 1 (or anything) will cause the Gravity Database to not be updated when container starts up. +| `FTLCONF_[SETTING]` | unset | As per documentation | Customize pihole-FTL.conf with settings described in the . Replace `.` with `_`, e.g for `dns.dnssec=true` use `FTLCONF_dns_dnssec: 'true'`| +| `PIHOLE_UID` | `100` | Number | Overrides image's default pihole user id to match a host user id
**IMPORTANT**: id must not already be in use inside the container! | +| `PIHOLE_GID` | `101` | Number | Overrides image's default pihole group id to match a host group id
**IMPORTANT**: id must not already be in use inside the container!| ### Advanced Variables + | Variable | Default | Value | Description | | -------- | ------- | ----- | ---------- | -| `SKIPGRAVITYONBOOT` | unset | `` | Use this option to skip updating the Gravity Database when booting up the container. By default this environment variable is not set so the Gravity Database will be updated when the container starts up. Setting this environment variable to 1 (or anything) will cause the Gravity Database to not be updated when container starts up. | `FTL_CMD` | `no-daemon` | `no-daemon -- ` | Customize the options with which dnsmasq gets started. e.g. `no-daemon -- --dns-forward-max 300` to increase max. number of concurrent dns queries on high load setups. | -| `FTLCONF_[SETTING]` | unset | As per documentation | Customize pihole-FTL.conf with settings described in the . Replace `.` with `_`, e.g for `dns.dnssec=true` use `FTLCONF_dns_dnssec: 'true'`| |`FTLCONF_ENV_ONLY`|unset|``|If set to true, FTL will use default values for all config values unless explicitly set as an environment variable| -| `PIHOLE_UID` | `999` | Number | Overrides image's default pihole user id to match a host user id
**IMPORTANT**: id must not already be in use inside the container! | -| `PIHOLE_GID` | `999` | Number | Overrides image's default pihole group id to match a host group id
**IMPORTANT**: id must not already be in use inside the container!| | `DNSMASQ_USER` | unset | `` | Allows changing the user that FTLDNS runs as. Default: `pihole`, some systems such as Synology NAS may require you to change this to `root` (See [#963](https://github.com/pi-hole/docker-pi-hole/issues/963)) | - -### Experimental Variables -| Variable | Default | Value | Description | -| -------- | ------- | ----- | ---------- | | `ADDITIONAL_PACKAGES`| unset | Space separated list of APKs | HERE BE DRAGONS. Mostly for development purposes, this just makes it easier for those of us that always like to have whatever additional tools we need inside the container for debugging | - -To use these env vars in docker run format style them like: `-e DNS1=1.1.1.1` - Here is a rundown of other arguments for your docker-compose / docker run. | Docker Arguments | Description | @@ -125,25 +127,24 @@ Here is a rundown of other arguments for your docker-compose / docker run. | `-p :` **Recommended** | Ports to expose (53, 80, 67), the bare minimum ports required for Pi-holes HTTP and DNS services | `--restart=unless-stopped`
**Recommended** | Automatically (re)start your Pi-hole on boot or in the event of a crash | `-v $(pwd)/etc-pihole:/etc/pihole`
**Recommended** | Volumes for your Pi-hole configs help persist changes across docker image updates -| `--net=host`
*Optional* | Alternative to `-p :` arguments (Cannot be used at same time as -p) if you don't run any other web application. DHCP runs best with --net=host, otherwise your router must support dhcp-relay settings. -| `--cap-add=NET_ADMIN`
*Recommended* | Commonly added capability for DHCP, see [Note on Capabilities](#note-on-capabilities) below for other capabilities. -| `--dns=127.0.0.1`
*Optional* | Sets your container's resolve settings to localhost so it can resolve DHCP hostnames from Pi-hole's DNSMasq, may fix resolution errors on container restart. -| `--dns=1.1.1.1`
*Optional* | Sets a backup server of your choosing in case DNSMasq has problems starting -| `--env-file .env`
*Optional* | File to store environment variables for docker replacing `-e key=value` settings. Here for convenience +| `--net=host`
_Optional_ | Alternative to `-p :` arguments (Cannot be used at same time as -p) if you don't run any other web application. DHCP runs best with --net=host, otherwise your router must support dhcp-relay settings. +| `--cap-add=NET_ADMIN`
_Recommended_ | Commonly added capability for DHCP, see [Note on Capabilities](#note-on-capabilities) below for other capabilities. +| `--dns=127.0.0.1`
_Optional_ | Sets your container's resolve settings to localhost so it can resolve DHCP hostnames from Pi-hole's DNSMasq, may fix resolution errors on container restart. +| `--dns=1.1.1.1`
_Optional_ | Sets a backup server of your choosing in case DNSMasq has problems starting +| `--env-file .env`
_Optional_ | File to store environment variables for docker replacing `-e key=value` settings. Here for convenience ## Tips and Tricks -* A good way to test things are working right is by loading this page: [http://pi.hole/admin/](http://pi.hole/admin/) -* [How do I set or reset the Web interface Password?](https://discourse.pi-hole.net/t/how-do-i-set-or-reset-the-web-interface-password/1328) - * `docker exec -it pihole_container_name pihole -a -p` - then enter your password into the prompt -* Port conflicts? Stop your server's existing DNS / Web services. - * Don't forget to stop your services from auto-starting again after you reboot - * Ubuntu users see below for more detailed information -* You can map other ports to Pi-hole port 80 using docker's port forwarding like this `-p 8080:80` if you are using the default blocking mode. If you are using the legacy IP blocking mode, you should not remap this port. - * [Here is an example of running with nginxproxy/nginx-proxy](https://github.com/pi-hole/docker-pi-hole/blob/master/examples/docker-compose-nginx-proxy.yml) (an nginx auto-configuring docker reverse proxy for docker) on my port 80 with Pi-hole on another port. Pi-hole needs to be `DEFAULT_HOST` env in nginxproxy/nginx-proxy and you need to set the matching `VIRTUAL_HOST` for the Pi-hole's container. Please read nginxproxy/nginx-proxy readme for more info if you have trouble. -* Docker's default network mode `bridge` isolates the container from the host's network. This is a more secure setting, but requires setting the Pi-hole DNS option for *Interface listening behavior* to "Listen on all interfaces, permit all origins". +- A good way to test things are working right is by loading this page: [http://pi.hole/admin/](http://pi.hole/admin/) +- Port conflicts? Stop your server's existing DNS / Web services. + - Don't forget to stop your services from auto-starting again after you reboot + - Ubuntu users see below for more detailed information +- You can map other ports to Pi-hole port 80 using docker's port forwarding like this `-p 8080:80` if you are using the default blocking mode. If you are using the legacy IP blocking mode, you should not remap this port. + - [Here is an example of running with nginxproxy/nginx-proxy](https://github.com/pi-hole/docker-pi-hole/blob/master/examples/docker-compose-nginx-proxy.yml) (an nginx auto-configuring docker reverse proxy for docker) on my port 80 with Pi-hole on another port. Pi-hole needs to be `DEFAULT_HOST` env in nginxproxy/nginx-proxy and you need to set the matching `VIRTUAL_HOST` for the Pi-hole's container. Please read nginxproxy/nginx-proxy readme for more info if you have trouble. +- Docker's default network mode `bridge` isolates the container from the host's network. This is a more secure setting, but requires setting the Pi-hole DNS option for _Interface listening behavior_ to "Listen on all interfaces, permit all origins". ### Installing on Ubuntu or Fedora + Modern releases of Ubuntu (17.10+) and Fedora (33+) include [`systemd-resolved`](http://manpages.ubuntu.com/manpages/bionic/man8/systemd-resolved.service.8.html) which is configured by default to implement a caching DNS stub resolver. This will prevent pi-hole from listening on port 53. The stub resolver should be disabled with: `sudo sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf` @@ -153,6 +154,7 @@ After making these changes, you should restart systemd-resolved using `systemctl Once pi-hole is installed, you'll want to configure your clients to use it ([see here](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245)). If you used the symlink above, your docker host will either use whatever is served by DHCP, or whatever static setting you've configured. If you want to explicitly set your docker host's nameservers you can edit the netplan(s) found at `/etc/netplan`, then run `sudo netplan apply`. Example netplan: + ```yaml network: ethernets: @@ -170,6 +172,7 @@ Note that it is also possible to disable `systemd-resolved` entirely. However, t Users of older Ubuntu releases (circa 17.04) will need to disable dnsmasq. ## Installing on Dokku + @Rikj000 has produced a guide to assist users [installing Pi-hole on Dokku](https://github.com/Rikj000/Pihole-Dokku-Installation) ## Docker tags and versioning @@ -196,12 +199,12 @@ The standard Pi-hole customization abilities apply to this docker, but with dock Do not attempt to upgrade (`pihole -up`) or reconfigure (`pihole -r`). New images will be released for upgrades, upgrading by replacing your old container with a fresh upgraded image is the 'docker way'. Long-living docker containers are not the docker way since they aim to be portable and reproducible, why not re-create them often! Just to prove you can. 0. Read the release notes for both this Docker release and the Pi-hole release - * This will help you avoid common problems due to any known issues with upgrading or newly required arguments or variables - * We will try to put common break/fixes at the top of this readme too + - This will help you avoid common problems due to any known issues with upgrading or newly required arguments or variables + - We will try to put common break/fixes at the top of this readme too 1. Download the latest version of the image: `docker pull pihole/pihole` 2. Throw away your container: `docker rm -f pihole` - * **Warning** When removing your pihole container you may be stuck without DNS until step 3; **docker pull** before **docker rm -f** to avoid DNS interruption **OR** always have a fallback DNS server configured in DHCP to avoid this problem altogether. - * If you care about your data (logs/customizations), make sure you have it volume-mapped or it will be deleted in this step. + - **Warning** When removing your pihole container you may be stuck without DNS until step 3; **docker pull** before **docker rm -f** to avoid DNS interruption **OR** always have a fallback DNS server configured in DHCP to avoid this problem altogether. + - If you care about your data (logs/customizations), make sure you have it volume-mapped or it will be deleted in this step. 3. Start your container with the newer base image: `docker run pihole/pihole` (`` being your preferred run volumes and env vars) Why is this style of upgrading good? A couple reasons: Everyone is starting from the same base image which has been tested to known it works. No worrying about upgrading from A to B, B to C, or A to C is required when rolling out updates, it reduces complexity, and simply allows a 'fresh start' every time while preserving customizations with volumes. Basically I'm encouraging [phoenix server](https://www.google.com/?q=phoenix+servers) principles for your containers. @@ -215,9 +218,10 @@ Occasionally you may need to try an alternative branch of one of the components The preferred method is to clone this repository and rebuild the image with the custom branch name passed in as an arg, e.g `docker buildx build src/. --tag pihole_custom --build-arg CORE_BRANCH=custombranchname --no-cache`, and then redeploy your stack with this new image (In this case you should have a local image named `pihole_custom`, but you can call it whatever you want) Valid args are: - - `CORE_BRANCH` - - `WEB_BRANCH` - - `FTL_BRANCH` + +- `CORE_BRANCH` +- `WEB_BRANCH` +- `FTL_BRANCH` ### Pi-hole features @@ -225,9 +229,9 @@ Here are some relevant wiki pages from [Pi-hole's documentation](https://github. We install all pihole utilities so the the built in [pihole commands](https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738) will work via `docker exec ` like so: -* `docker exec pihole_container_name pihole updateGravity` -* `docker exec pihole_container_name pihole -w spclient.wg.spotify.com` -* `docker exec pihole_container_name pihole -wild example.com` +- `docker exec pihole_container_name pihole updateGravity` +- `docker exec pihole_container_name pihole -w spclient.wg.spotify.com` +- `docker exec pihole_container_name pihole -wild example.com` ### Customizations @@ -236,6 +240,7 @@ The webserver and DNS service inside the container can be customized if necessar ## Note on Capabilities DNSMasq / [FTLDNS](https://docs.pi-hole.net/ftldns/in-depth/#linux-capabilities) expects to have the following capabilities available: + - `CAP_NET_BIND_SERVICE`: Allows FTLDNS binding to TCP/UDP sockets below 1024 (specifically DNS service on port 53) - `CAP_NET_RAW`: use raw and packet sockets (needed for handling DHCPv6 requests, and verifying that an IP is not in use before leasing it) - `CAP_NET_ADMIN`: modify routing tables and other network-related operations (in particular inserting an entry in the neighbor table to answer DHCP requests using unicast packets) @@ -246,18 +251,18 @@ This image automatically grants those capabilities, if available, to the FTLDNS By default, docker does not include the `NET_ADMIN` capability for non-privileged containers, and it is recommended to explicitly add it to the container using `--cap-add=NET_ADMIN`.\ However, if DHCP and IPv6 Router Advertisements are not in use, it should be safe to skip it. For the most paranoid, it should even be possible to explicitly drop the `NET_RAW` capability to prevent FTLDNS from automatically gaining it. - ## Note on Watchtower We have noticed that a lot of people use Watchtower to keep their Pi-hole containers up to date. For the same reason we don't provide an auto-update feature on a bare metal install, you _should not_ have a system automatically update your Pi-hole container. Especially unattended. As much as we try to ensure nothing will go wrong, sometimes things do go wrong - and you need to set aside time to _manually_ pull and update to the version of the container you wish to run. The upgrade process should be along the lines of: - - **Important**: Read the release notes. Sometimes you will need to make changes other than just updating the image - - Pull the new image - - Stop and _remove_ the running Pi-hole container - - If you care about your data (logs/customizations), make sure you have it volume-mapped or it will be deleted in this step. - - Recreate the container using the new image +- **Important**: Read the release notes. Sometimes you will need to make changes other than just updating the image +- Pull the new image +- Stop and _remove_ the running Pi-hole container + - If you care about your data (logs/customizations), make sure you have it volume-mapped or it will be deleted in this step. +- Recreate the container using the new image Pi-hole is an integral part of your network, don't let it fall over because of an unattended update in the middle of the night. + # User Feedback Please report issues on the [GitHub project](https://github.com/pi-hole/docker-pi-hole) when you suspect something docker related. Pi-hole or general docker questions are best answered on our [user forums](https://discourse.pi-hole.net/c/bugs-problems-issues/docker/30). diff --git a/src/bash_functions.sh b/src/bash_functions.sh index 5e919e1..d30df93 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -15,8 +15,8 @@ # Takes one argument: key # Example getFTLConfigValue dns.piholePTR ####################### -getFTLConfigValue(){ - pihole-FTL --config -q "${1}" +getFTLConfigValue() { + pihole-FTL --config -q "${1}" } ####################### @@ -28,29 +28,21 @@ getFTLConfigValue(){ # Note, for complex values such as dns.upstreams, you should wrap the value in single quotes: # setFTLConfigValue dns.upstreams '[ "8.8.8.8" , "8.8.4.4" ]' ####################### -setFTLConfigValue(){ - pihole-FTL --config "${1}" "${2}" >/dev/null +setFTLConfigValue() { + pihole-FTL --config "${1}" "${2}" >/dev/null } -# export adlistFile="/etc/pihole/adlists.list" - # shellcheck disable=SC2034 ensure_basic_configuration() { echo " [i] Ensuring basic configuration by re-running select functions from basic-install.sh" - - # installScripts > /dev/null + # TODO: # installLogrotate || true #installLogRotate can return 2 or 3, but we are still OK to continue in that case - # set +e mkdir -p /var/run/pihole /var/log/pihole touch /var/log/pihole/FTL.log /var/log/pihole/pihole.log chown -R pihole:pihole /var/run/pihole /var/log/pihole - # In case of `pihole` UID being changed, re-chown the pihole scripts and pihole command - # chown -R pihole:root "${PI_HOLE_INSTALL_DIR}" - # chown pihole:root "${PI_HOLE_BIN_DIR}/pihole" - mkdir -p /etc/pihole if [[ -z "${PYTEST}" ]]; then if [[ ! -f /etc/pihole/adlists.list ]]; then @@ -60,9 +52,6 @@ ensure_basic_configuration() { chown -R pihole:pihole /etc/pihole - - # set -e - # If FTLCONF_files_macvendor is not set if [[ -z "${FTLCONF_files_macvendor:-}" ]]; then # User is not passing in a custom location - so force FTL to use the file we moved to / during the build @@ -71,6 +60,41 @@ ensure_basic_configuration() { fi } +setup_web_password() { + echo " [i] Checking web password" + # If the web password variable is not set... + if [ -z "${FTLCONF_webserver_api_password+x}" ]; then + # is the variable FTLCONF_ENV_ONLY set to true? + if [ "${FTLCONF_ENV_ONLY}" == "true" ]; then + echo " [i] No password supplied via FTLCONF_webserver_api_password, but FTLCONF_ENV_ONLY is set to true, using default (none)" + # If so, return - the password will be set to FTL's default (no password) + return + fi + + # Exit if password is already set in config file + if [[ -n $(pihole-FTL --config webserver.api.pwhash) ]]; then + echo " [i] Password already set in config file" + return + fi + + # If we have got here, we will now generate a random passwor + RANDOMPASSWORD=$(tr -dc _A-Z-a-z-0-9 /dev/null + + pihole setpassword "$RANDOMPASSWORD" + + # To avoid printing this if conditional in bash debug, turn off debug above.. + # then re-enable debug if necessary (more code but cleaner printed output) + if [ "${PH_VERBOSE:-0}" -gt 0 ]; then + set -x + fi + else + echo " [i] Assigning password defined by Environment Variable" + fi +} fix_capabilities() { # Testing on Docker 20.10.14 with no caps set shows the following caps available to the container: @@ -86,7 +110,7 @@ fix_capabilities() { if [[ ${CAP_STR} ]]; then # We have the (some of) the above caps available to us - apply them to pihole-FTL echo " [i] Applying the following caps to pihole-FTL:" - IFS=',' read -ra CAPS <<< "${CAP_STR:1}" + IFS=',' read -ra CAPS <<<"${CAP_STR:1}" for i in "${CAPS[@]}"; do echo " * ${i}" done @@ -111,80 +135,5 @@ fix_capabilities() { echo " Please ensure that the container has the required capabilities." exit 1 fi + echo "" } - -setup_FTL_query_logging(){ - if [ "${QUERY_LOGGING_OVERRIDE}" == "false" ]; then - echo " [i] Disabling Query Logging" - setFTLConfigValue dns.queryLogging "${QUERY_LOGGING_OVERRIDE}" - else - # If it is anything other than false, set it to true - echo " [i] Enabling Query Logging" - setFTLConfigValue dns.queryLogging true - fi -} - -load_web_password_secret() { - # If WEBPASSWORD is not set at all, attempt to read password from WEBPASSWORD_FILE, - # allowing secrets to be passed via docker secrets - if [ -z "${WEBPASSWORD+x}" ] && [ -n "${WEBPASSWORD_FILE}" ] && [ -r "${WEBPASSWORD_FILE}" ]; then - WEBPASSWORD=$(<"${WEBPASSWORD_FILE}") - fi; -} - -setup_web_password() { - if [ -z "${WEBPASSWORD+x}" ] ; then - # ENV WEBPASSWORD_OVERRIDE is not set - - # Exit if password is already set (TODO: Revisit this. Maybe make setting password in environment variable mandatory?) - if [[ $(pihole-FTL --config webserver.api.pwhash) != '""' ]]; then - return - fi - # Generate new random password - WEBPASSWORD=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8) - echo " [i] Assigning random password: $WEBPASSWORD" - else - # ENV WEBPASSWORD_OVERRIDE is set and will be used - echo " [i] Assigning password defined by Environment Variable" - # WEBPASSWORD="$WEBPASSWORD" - fi - - # Explicitly turn off bash printing when working with secrets - { set +x; } 2>/dev/null - - if [[ "$WEBPASSWORD" == "" ]] ; then - echo "" | pihole -a -p - else - pihole -a -p "$WEBPASSWORD" "$WEBPASSWORD" - fi - - # To avoid printing this if conditional in bash debug, turn off debug above.. - # then re-enable debug if necessary (more code but cleaner printed output) - if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then - set -x - fi -} - -# setup_blocklists() { -# # Exit/return early without setting up adlists with defaults for any of the following conditions: -# # 1. skip_setup_blocklists env is set -# exit_string="(exiting ${FUNCNAME[0]} early)" - -# if [ -n "${skip_setup_blocklists}" ]; then -# echo " [i] skip_setup_blocklists requested $exit_string" -# return -# fi - -# # 2. The adlist file exists already (restarted container or volume mounted list) -# if [ -f "${adlistFile}" ]; then -# echo " [i] Preexisting ad list ${adlistFile} detected $exit_string" -# return -# fi - -# echo " [i] ${FUNCNAME[0]} now setting default blocklists up: " -# echo " [i] TIP: Use a docker volume for ${adlistFile} if you want to customize for first boot" -# # installDefaultBlocklists - -# echo " [i] Blocklists (${adlistFile}) now set to:" -# cat "${adlistFile}" -# } diff --git a/src/start.sh b/src/start.sh index 303a012..66a0792 100644 --- a/src/start.sh +++ b/src/start.sh @@ -12,9 +12,6 @@ start() { # shellcheck source=/dev/null . /usr/bin/bash_functions.sh - # shellcheck source=/dev/null - # SKIP_INSTALL=true . /etc/.pihole/automated\ install/basic-install.sh - echo " [i] Starting docker specific checks & setup for docker pihole/pihole" # TODO: @@ -49,32 +46,10 @@ start() { fi fi - fix_capabilities - # validate_env || exit 1 ensure_basic_configuration + setup_web_password - # Web interface setup - # =========================== - # load_web_password_secret - # setup_web_password - - # Misc Setup - # =========================== - # setup_blocklists - - # FTL setup - # =========================== - - # setup_FTL_User - # setup_FTL_query_logging - - [ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot - - echo " [i] Docker start setup complete" - echo "" - - echo " [i] pihole-FTL ($FTL_CMD) will be started as ${DNSMASQ_USER}" - echo "" + # [ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot # Install additional packages inside the container if requested if [ -n "${ADDITIONAL_PACKAGES}" ]; then @@ -96,8 +71,6 @@ start() { rm -f /run/pihole/FTL.sock # Start crond for scheduled scripts (logrotate, pihole flush, gravity update etc) - # crond - # Randomize gravity update time sed -i "s/59 1 /$((1 + RANDOM % 58)) $((3 + RANDOM % 2))/" /crontab.txt # Randomize update checker time @@ -129,8 +102,15 @@ start() { pihole updatechecker + echo " [i] Docker start setup complete" + echo "" + + echo " [i] pihole-FTL ($FTL_CMD) will be started as ${DNSMASQ_USER}" + echo "" + # Start pihole-FTL + fix_capabilities sh /opt/pihole/pihole-FTL-prestart.sh capsh --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null" & From b8a717f9254db550bb225d3352213de89eb0f920 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 20 Oct 2023 16:04:14 +0100 Subject: [PATCH 096/175] Re-do tests to account for FTLCONF_ changes. Add new tests for web password Signed-off-by: Adam Warner --- test/tests/conftest.py | 2 +- test/tests/test_bash_functions.py | 38 +++++++++++++++++++++++-------- 2 files changed, 30 insertions(+), 10 deletions(-) diff --git a/test/tests/conftest.py b/test/tests/conftest.py index bbb2df8..eb1887f 100644 --- a/test/tests/conftest.py +++ b/test/tests/conftest.py @@ -37,7 +37,7 @@ def run_and_stream_command_output(): @pytest.fixture() def args_env(): - return '-e TZ="Europe/London"' + return '-e TZ="Europe/London" -e FTLCONF_ENV_ONLY=true' @pytest.fixture() diff --git a/test/tests/test_bash_functions.py b/test/tests/test_bash_functions.py index c9917f5..9b5d2da 100644 --- a/test/tests/test_bash_functions.py +++ b/test/tests/test_bash_functions.py @@ -1,22 +1,42 @@ -import os import pytest -import re - -CMD_APPLY_FTL_CONFIG_FROM_ENV = ". bash_functions.sh ; apply_FTL_Configs_From_Env" @pytest.mark.parametrize("test_args", ['-e "FTLCONF_webserver_port=999"']) def test_ftlconf_webserver_port(docker): - func = docker.run(CMD_APPLY_FTL_CONFIG_FROM_ENV) - assert "Applied pihole-FTL setting webserver.port=999" in func.stdout + func = docker.run("pihole-FTL --config webserver.port") + assert "999" in func.stdout @pytest.mark.parametrize( - "test_args", ['-e "FTLCONF_dns_upstreams=1.1.1.1;8.8.8.8#1234"'] + "test_args", ['-e "FTLCONF_dns_upstreams=1.2.3.4,5.6.7.8#1234"'] ) def test_ftlconf_dns_upstreams(docker): - func = docker.run(CMD_APPLY_FTL_CONFIG_FROM_ENV) + func = docker.run("pihole-FTL --config dns.upstreams") + assert "[ 1.2.3.4, 5.6.7.8#1234 ]" in func.stdout + + +CMD_SETUP_WEB_PASSWORD = ". bash_functions.sh ; setup_web_password" + + +@pytest.mark.parametrize("test_args", ['-e "FTLCONF_ENV_ONLY=false"']) +def test_random_password_assigned_fresh_start(docker): + func = docker.run(CMD_SETUP_WEB_PASSWORD) + assert "assigning random password:" in func.stdout + assert "New password set" in func.stdout + + +@pytest.mark.parametrize( + "test_args", ['-e "FTLCONF_webserver_api_password=1234567890"'] +) +def test_password_set_by_envvar(docker): + func = docker.run(CMD_SETUP_WEB_PASSWORD) + assert "Assigning password defined by Environment Variable" in func.stdout + + +@pytest.mark.parametrize("test_args", ['-e "FTLCONF_ENV_ONLY=true"']) +def test_password_envonly_true(docker): + func = docker.run(CMD_SETUP_WEB_PASSWORD) assert ( - 'Applied pihole-FTL setting dns.upstreams=["1.1.1.1","8.8.8.8#1234"]' + "No password supplied via FTLCONF_webserver_api_password, but FTLCONF_ENV_ONLY is set to true, using default (none)" in func.stdout ) From bb2a7b11535eece13f92323aa2de5a58c9ca5b64 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 20 Oct 2023 16:22:58 +0100 Subject: [PATCH 097/175] Update README.md Co-authored-by: yubiuser Signed-off-by: Adam Warner --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 63358da..f732a3e 100644 --- a/README.md +++ b/README.md @@ -107,7 +107,7 @@ To explicitly set no password, set `FTLCONF_webserver_api_password: ''` | -------- | ------- | ----- | ---------- | | `TAIL_FTL_LOG` | unset | `` | Whether or not to output the FTL log when running the. Useful for debugging/watching what FTL is doing. | `SKIPGRAVITYONBOOT` | unset | `` | Use this option to skip updating the Gravity Database when booting up the container. By default this environment variable is not set so the Gravity Database will be updated when the container starts up. Setting this environment variable to 1 (or anything) will cause the Gravity Database to not be updated when container starts up. -| `FTLCONF_[SETTING]` | unset | As per documentation | Customize pihole-FTL.conf with settings described in the . Replace `.` with `_`, e.g for `dns.dnssec=true` use `FTLCONF_dns_dnssec: 'true'`| +| `FTLCONF_[SETTING]` | unset | As per documentation | Customize pihole.toml with settings described in the . Replace `.` with `_`, e.g for `dns.dnssec=true` use `FTLCONF_dns_dnssec: 'true'`| | `PIHOLE_UID` | `100` | Number | Overrides image's default pihole user id to match a host user id
**IMPORTANT**: id must not already be in use inside the container! | | `PIHOLE_GID` | `101` | Number | Overrides image's default pihole group id to match a host group id
**IMPORTANT**: id must not already be in use inside the container!| From ae90e9c854797d6f6e532f9a09531b03ee9dd2a8 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Fri, 20 Oct 2023 16:45:04 +0100 Subject: [PATCH 098/175] Trim some fat Signed-off-by: Adam Warner --- README.md | 40 +++++------------ examples/docker-compose-caddy-proxy.yml | 8 ++-- examples/docker-compose-nginx-proxy.yml | 59 ------------------------- examples/docker-compose.yml.example | 25 ----------- examples/docker-pi-hole.cron | 31 ------------- examples/docker_run.sh | 39 ---------------- examples/pihole.service | 13 ------ 7 files changed, 14 insertions(+), 201 deletions(-) delete mode 100644 examples/docker-compose-nginx-proxy.yml delete mode 100644 examples/docker-compose.yml.example delete mode 100644 examples/docker-pi-hole.cron delete mode 100755 examples/docker_run.sh delete mode 100644 examples/pihole.service diff --git a/README.md b/README.md index f732a3e..de51cf0 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Docker Pi-hole +[![Build Status](https://github.com/pi-hole/docker-pi-hole/workflows/Test%20&%20Build/badge.svg)](https://github.com/pi-hole/docker-pi-hole/actions?query=workflow%3A%22Test+%26+Build%22) [![Docker Stars](https://img.shields.io/docker/stars/pihole/pihole.svg?maxAge=604800)](https://store.docker.com/community/images/pihole/pihole) [![Docker Pulls](https://img.shields.io/docker/pulls/pihole/pihole.svg?maxAge=604800)](https://store.docker.com/community/images/pihole/pihole) +

Pi-hole

@@ -19,10 +21,11 @@ ## Quick Start -1. Copy docker-compose.yml.example to docker-compose.yml and update as needed. See example below: -[Docker-compose](https://docs.docker.com/compose/install/) example: +Using [Docker-compose](https://docs.docker.com/compose/install/): -```yaml +1. Copy the below docker compose example and update as needed + +```yml version: "3" # More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/ @@ -53,31 +56,11 @@ services: 2. Run `docker compose up -d` to build and start pi-hole (Syntax may be `docker-compose` on older systems) 3. If using Docker's default `bridge` network setting, set the environment variable `FTLCONF_dns_listeningMode` to `all` -[Here is an equivalent docker run script](https://github.com/pi-hole/docker-pi-hole/blob/master/examples/docker_run.sh). +nb. Volumes are recommended for persisting data across container re-creations for updating images. -## Overview +### Automatic Ad List Updates -A [Docker](https://www.docker.com/what-docker) project to make a lightweight x86 and ARM container with [Pi-hole](https://pi-hole.net) functionality. - -1) Install Docker. [Docker-compose](https://docs.docker.com/compose/install/) is also recommended. -2) Use the above quick start example, customize if desired. -3) Enjoy! - -[![Build Status](https://github.com/pi-hole/docker-pi-hole/workflows/Test%20&%20Build/badge.svg)](https://github.com/pi-hole/docker-pi-hole/actions?query=workflow%3A%22Test+%26+Build%22) [![Docker Stars](https://img.shields.io/docker/stars/pihole/pihole.svg?maxAge=604800)](https://store.docker.com/community/images/pihole/pihole) [![Docker Pulls](https://img.shields.io/docker/pulls/pihole/pihole.svg?maxAge=604800)](https://store.docker.com/community/images/pihole/pihole) - -## Running Pi-hole Docker - -This container uses 2 popular ports, port 53 and port 80, so **may conflict with existing applications ports**. If you have no other services or docker containers using port 53/80 (if you do, keep reading below for a reverse proxy example), the minimum arguments required to run this container are in the script [docker_run.sh](https://github.com/pi-hole/docker-pi-hole/blob/master/examples/docker_run.sh) - -If you're using a Red Hat based distribution with an SELinux Enforcing policy add `:z` to line with volumes like so: - -``` - -v "$(pwd)/etc-pihole:/etc/pihole:z" \ -``` - -Volumes are recommended for persisting data across container re-creations for updating images. - -**Automatic Ad List Updates** - `cron` is baked into the container and will grab the newest versions of your lists and flush your logs. This happens once per week in the small hours of Sunday morning. +`cron` is baked into the container and will grab the newest versions of your lists and flush your logs. This happens once per week in the small hours of Sunday morning. ## Running DHCP from Docker Pi-Hole @@ -139,9 +122,8 @@ Here is a rundown of other arguments for your docker-compose / docker run. - Port conflicts? Stop your server's existing DNS / Web services. - Don't forget to stop your services from auto-starting again after you reboot - Ubuntu users see below for more detailed information -- You can map other ports to Pi-hole port 80 using docker's port forwarding like this `-p 8080:80` if you are using the default blocking mode. If you are using the legacy IP blocking mode, you should not remap this port. - - [Here is an example of running with nginxproxy/nginx-proxy](https://github.com/pi-hole/docker-pi-hole/blob/master/examples/docker-compose-nginx-proxy.yml) (an nginx auto-configuring docker reverse proxy for docker) on my port 80 with Pi-hole on another port. Pi-hole needs to be `DEFAULT_HOST` env in nginxproxy/nginx-proxy and you need to set the matching `VIRTUAL_HOST` for the Pi-hole's container. Please read nginxproxy/nginx-proxy readme for more info if you have trouble. - Docker's default network mode `bridge` isolates the container from the host's network. This is a more secure setting, but requires setting the Pi-hole DNS option for _Interface listening behavior_ to "Listen on all interfaces, permit all origins". +- If you're using a Red Hat based distribution with an SELinux Enforcing policy add `:z` to line with volumes ### Installing on Ubuntu or Fedora @@ -235,7 +217,7 @@ We install all pihole utilities so the the built in [pihole commands](https://di ### Customizations -The webserver and DNS service inside the container can be customized if necessary. Any configuration files you volume mount into `/etc/dnsmasq.d/` will be loaded by dnsmasq when the container starts or restarts or if you need to modify the Pi-hole config it is located at `/etc/dnsmasq.d/01-pihole.conf`. The docker start scripts runs a config test prior to starting so it will tell you about any errors in the docker log. +The webserver and DNS service inside the container can be customized if necessary. Any configuration files you volume mount into `/etc/dnsmasq.d/` will be loaded by dnsmasq when the container starts or restarts. ## Note on Capabilities diff --git a/examples/docker-compose-caddy-proxy.yml b/examples/docker-compose-caddy-proxy.yml index 99d54d7..0ee3cc1 100644 --- a/examples/docker-compose-caddy-proxy.yml +++ b/examples/docker-compose-caddy-proxy.yml @@ -22,7 +22,7 @@ services: # More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/ pihole: - depends_on: + depends_on: - caddy container_name: pihole #dns: # Optional. Specify desired upstream DNS servers here. @@ -37,17 +37,15 @@ services: # Following are NOT proxied through Caddy, bound to host net instead: - "53:53/udp" - "53:53/tcp" - - "853:853/tcp" # DNS-over-TLS + - "853:853/tcp" # DNS-over-TLS #- "67:67/udp" # DHCP, if desired. If not bound to host net you need an mDNS proxy service configured somewhere on host net. # ref: https://docs.pi-hole.net/docker/DHCP/ environment: TZ: 'America/New_York' # Supported TZ database names: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#Time_Zone_abbreviations - WEBPASSWORD: 'password' # Only used on first boot, change with pihole cli then comment out here. + FTLCONF_webserver_api_password: 'password' volumes: - './etc-pihole:/etc/pihole' - './etc-dnsmasq.d:/etc/dnsmasq.d' - - './etc-lighttpd/external.conf:/etc/lighttpd/external.conf' # Recommend leave as bind mount for easier editing. - # ref for why you may need to change this file: https://docs.pi-hole.net/guides/webserver/caddy/#modifying-lighttpd-configuration #cap_add: # Uncomment if using Pi-hole as DHCP server # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities #- NET_ADMIN # ONLY required if you are using Pi-hole as your DHCP server, else remove for better security diff --git a/examples/docker-compose-nginx-proxy.yml b/examples/docker-compose-nginx-proxy.yml deleted file mode 100644 index 48b34f9..0000000 --- a/examples/docker-compose-nginx-proxy.yml +++ /dev/null @@ -1,59 +0,0 @@ -version: "3" - -# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md - -services: - nginx-proxy: - image: nginxproxy/nginx-proxy - ports: - - '80:80' - environment: - DEFAULT_HOST: pihole.yourDomain.lan - volumes: - - '/var/run/docker.sock:/tmp/docker.sock' - restart: always - - pihole: - image: pihole/pihole:latest - ports: - - '53:53/tcp' - - '53:53/udp' - - "67:67/udp" - - '8053:80/tcp' - volumes: - - './etc-pihole:/etc/pihole' - - './etc-dnsmasq.d:/etc/dnsmasq.d' - # run `touch ./var-log/pihole.log` first unless you like errors - # - './var-log/pihole.log:/var/log/pihole/pihole.log' - # Recommended but not required (DHCP needs NET_ADMIN) - # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities - cap_add: - - NET_ADMIN - environment: - ServerIP: 192.168.41.55 - PROXY_LOCATION: pihole - VIRTUAL_HOST: pihole.yourDomain.lan - VIRTUAL_PORT: 80 - extra_hosts: - # Resolve to nothing domains (terminate connection) - - 'nw2master.bioware.com nwn2.master.gamespy.com:0.0.0.0' - # LAN hostnames for other docker containers using nginx-proxy - - 'yourDomain.lan:192.168.41.55' - - 'pihole pihole.yourDomain.lan:192.168.41.55' - - 'ghost ghost.yourDomain.lan:192.168.41.55' - - 'wordpress wordpress.yourDomain.lan:192.168.41.55' - restart: always - -# Another container you might want to have running through the proxy -# Note it also have ENV Vars like pihole and a host under pihole's extra_hosts -# ghost: -# image: fractalf/ghost -# ports: -# - '2368:2368/tcp' -# volumes: -# - '/etc/ghost:/ghost-override' -# environment: -# PROXY_LOCATION: ghost -# VIRTUAL_HOST: ghost.yourDomain.lan -# VIRTUAL_PORT: 2368 -# restart: always diff --git a/examples/docker-compose.yml.example b/examples/docker-compose.yml.example deleted file mode 100644 index f52e184..0000000 --- a/examples/docker-compose.yml.example +++ /dev/null @@ -1,25 +0,0 @@ -version: "3" - -# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md - -services: - pihole: - container_name: pihole - image: pihole/pihole:latest - # For DHCP it is recommended to remove these ports and instead add: network_mode: "host" - ports: - - "53:53/tcp" - - "53:53/udp" - - "67:67/udp" - - "80:80/tcp" - environment: - TZ: 'America/Chicago' - # WEBPASSWORD: 'set a secure password here or it will be random' - # Volumes store your data between container upgrades - volumes: - - './etc-pihole:/etc/pihole' - - './etc-dnsmasq.d:/etc/dnsmasq.d' - # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities - cap_add: - - NET_ADMIN - restart: unless-stopped # Recommended but not required (DHCP needs NET_ADMIN) diff --git a/examples/docker-pi-hole.cron b/examples/docker-pi-hole.cron deleted file mode 100644 index 669c96f..0000000 --- a/examples/docker-pi-hole.cron +++ /dev/null @@ -1,31 +0,0 @@ -# Pi-hole: A black hole for Internet advertisements -# (c) 2015, 2016 by Jacob Salmela -# Network-wide ad blocking via your Raspberry Pi -# http://pi-hole.net -# Updates ad sources every week -# -# Pi-hole is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# (at your option) any later version. -# -# This file is under source-control of the Pi-hole installation and update -# scripts, any changes made to this file will be overwritten when the softare -# is updated or re-installed. Please make any changes to the appropriate crontab -# or other cron file snippets. - -# Your container name goes here: -DOCKER_NAME=pihole -PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin - -# Pi-hole: Update the ad sources once a week on Sunday at 01:59 -# Download any updates from the adlists -59 1 * * 7 root PATH="$PATH:/usr/local/bin/" docker exec $DOCKER_NAME pihole updateGravity > /dev/null - -# Update docker-pi-hole by pulling the latest docker image and re-creating your container. -# pihole software update commands are unsupported in docker! -#30 2 * * 7 root PATH="$PATH:/usr/local/bin/" docker exec $DOCKER_NAME pihole updatePihole > /dev/null - -# Pi-hole: Flush the log daily at 00:00 so it doesn't get out of control -# Stats will be viewable in the Web interface thanks to the cron job above -00 00 * * * root PATH="$PATH:/usr/local/bin/" docker exec $DOCKER_NAME pihole flush > /dev/null diff --git a/examples/docker_run.sh b/examples/docker_run.sh deleted file mode 100755 index 68df5db..0000000 --- a/examples/docker_run.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/bash - -# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md - -# You can customize where to store persistent data by setting the `PIHOLE_BASE` environment -# variable when invoking `docker_run.sh` (e.g. `PIHOLE_BASE=/opt/pihole-storage ./docker_run.sh`). -# If `PIHOLE_BASE` is not set, files are stored in your current directory when you invoke the script. -PIHOLE_BASE="${PIHOLE_BASE:-$(pwd)}" -[[ -d "$PIHOLE_BASE" ]] || mkdir -p "$PIHOLE_BASE" || { echo "Couldn't create storage directory: $PIHOLE_BASE"; exit 1; } - -# Note: FTLCONF_LOCAL_IPV4 should be replaced with your external ip. -docker run -d \ - --name pihole \ - -p 53:53/tcp -p 53:53/udp \ - -p 80:80 \ - -e TZ="America/Chicago" \ - -v "${PIHOLE_BASE}/etc-pihole:/etc/pihole" \ - -v "${PIHOLE_BASE}/etc-dnsmasq.d:/etc/dnsmasq.d" \ - --dns=127.0.0.1 --dns=1.1.1.1 \ - --restart=unless-stopped \ - --hostname pi.hole \ - pihole/pihole:latest - -printf 'Starting up pihole container ' -for i in $(seq 1 20); do - if [ "$(docker inspect -f "{{.State.Health.Status}}" pihole)" == "healthy" ] ; then - printf ' OK' - echo -e "\n$(docker logs pihole 2> /dev/null | grep 'password:') for your pi-hole: http://${IP}/admin/" - exit 0 - else - sleep 3 - printf '.' - fi - - if [ $i -eq 20 ] ; then - echo -e "\nTimed out waiting for Pi-hole start, consult your container logs for more info (\`docker logs pihole\`)" - exit 1 - fi -done; diff --git a/examples/pihole.service b/examples/pihole.service deleted file mode 100644 index b4cbad7..0000000 --- a/examples/pihole.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=pihole -Requires=docker.service multi-user.target -After=docker.service network-online.target dhcpd.service - -[Service] -Restart=always -ExecStart=/usr/bin/docker start -a pihole -ExecStop=/usr/bin/docker stop -t 2 pihole - -[Install] -WantedBy=multi-user.target - From 5c7ff5c539c75c1aab7fcd3d392f78d26e246d75 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 22 Oct 2023 12:15:04 +0100 Subject: [PATCH 099/175] TARGETPLATFORM needs to be set Co-authored-by: yubiuser Signed-off-by: Adam Warner --- build-and-test.sh | 1 + src/Dockerfile | 2 +- test/cmd.sh | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/build-and-test.sh b/build-and-test.sh index 0f90186..1efec10 100755 --- a/build-and-test.sh +++ b/build-and-test.sh @@ -19,4 +19,5 @@ docker run --rm \ --env PIPENV_CACHE_DIR="$(pwd)/.pipenv" \ --env GIT_TAG="${GIT_TAG}" \ --env PY_COLORS=1 \ + --env TARGETPLATFORM="${PLATFORM}" \ ${enter} image_pipenv diff --git a/src/Dockerfile b/src/Dockerfile index 12fe8de..028cd2f 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -47,7 +47,7 @@ RUN git clone --depth 1 --single-branch --branch ${WEB_BRANCH} https://github.co elif [ "$TARGETPLATFORM" = "linux/386" ]; then FTLARCH=386; \ elif [ "$TARGETPLATFORM" = "linux/arm/v6" ]; then FTLARCH=armv6; \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then FTLARCH=armv7; \ - elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then FTLARCH=arm64; \ + elif [ "$TARGETPLATFORM" = "linux/arm64/v8" ]; then FTLARCH=arm64; \ elif [ "$TARGETPLATFORM" = "linux/riscv64" ]; then FTLARCH=riscv64; \ else FTLARCH=amd64; fi \ && echo "Arch: ${TARGETPLATFORM}, FTLARCH: ${FTLARCH}" \ diff --git a/test/cmd.sh b/test/cmd.sh index 2c753d7..193585c 100755 --- a/test/cmd.sh +++ b/test/cmd.sh @@ -1,7 +1,7 @@ #!/usr/bin/env sh set -eux -docker buildx build ./src --tag pihole:${GIT_TAG} --no-cache +docker buildx build ./src --build-arg TARGETPLATFORM="${TARGETPLATFORM}" --tag pihole:${GIT_TAG} --no-cache docker images pihole:${GIT_TAG} # auto-format the pytest code From 335ec7e40de54871727a316903b83a0c120b8937 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 28 Oct 2023 19:47:59 +0100 Subject: [PATCH 100/175] explicitly test for pwhash containing a value beginning $BALOON-SHA256 --- src/bash_functions.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bash_functions.sh b/src/bash_functions.sh index d30df93..0c69f51 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -72,7 +72,7 @@ setup_web_password() { fi # Exit if password is already set in config file - if [[ -n $(pihole-FTL --config webserver.api.pwhash) ]]; then + if [[ $(pihole-FTL --config webserver.api.pwhash) = \$BALLOON-SHA256* ]]; then echo " [i] Password already set in config file" return fi From 9928cfa630b5e99f76831aab311907a97afe17a0 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 29 Oct 2023 17:48:24 +0000 Subject: [PATCH 101/175] Clarify delimter for array type FTLCONF_ values Signed-off-by: Adam Warner --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index de51cf0..9ed7270 100644 --- a/README.md +++ b/README.md @@ -82,7 +82,7 @@ To explicitly set no password, set `FTLCONF_webserver_api_password: ''` | -------- | ------- | ----- | ---------- | | `TZ` | UTC | `` | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight. | `FTLCONF_webserver_api_password` | random | `` | password. Run `docker logs pihole \| grep random` to find your random pass. -| `FTLCONF_dns_upstreams` | `8.8.8.8,8.8.4.4` | IPs delimited by `,` | Upstream DNS server(s) for Pi-hole to forward queries to, separated by a semicolon
(supports non-standard ports with `#[port number]`) e.g `127.0.0.1#5053,8.8.8.8,8.8.4.4`
(supports [Docker service names and links](https://docs.docker.com/compose/networking/) instead of IPs) e.g `upstream0,upstream1` where `upstream0` and `upstream1` are the service names of or links to docker services
Note: The existence of this environment variable assumes this as the _sole_ management of upstream DNS. Upstream DNS added via the web interface will be overwritten on container restart/recreation | +| `FTLCONF_dns_upstreams` | `8.8.8.8;8.8.4.4` | IPs delimited by `;` | Upstream DNS server(s) for Pi-hole to forward queries to, separated by a semicolon
(supports non-standard ports with `#[port number]`) e.g `127.0.0.1#5053;8.8.8.8;8.8.4.4`
(supports [Docker service names and links](https://docs.docker.com/compose/networking/) instead of IPs) e.g `upstream0,upstream1` where `upstream0` and `upstream1` are the service names of or links to docker services
Note: The existence of this environment variable assumes this as the _sole_ management of upstream DNS. Upstream DNS added via the web interface will be overwritten on container restart/recreation | ### Optional Variables @@ -90,7 +90,7 @@ To explicitly set no password, set `FTLCONF_webserver_api_password: ''` | -------- | ------- | ----- | ---------- | | `TAIL_FTL_LOG` | unset | `` | Whether or not to output the FTL log when running the. Useful for debugging/watching what FTL is doing. | `SKIPGRAVITYONBOOT` | unset | `` | Use this option to skip updating the Gravity Database when booting up the container. By default this environment variable is not set so the Gravity Database will be updated when the container starts up. Setting this environment variable to 1 (or anything) will cause the Gravity Database to not be updated when container starts up. -| `FTLCONF_[SETTING]` | unset | As per documentation | Customize pihole.toml with settings described in the . Replace `.` with `_`, e.g for `dns.dnssec=true` use `FTLCONF_dns_dnssec: 'true'`| +| `FTLCONF_[SETTING]` | unset | As per documentation | Customize pihole.toml with settings described in the . Replace `.` with `_`, e.g for `dns.dnssec=true` use `FTLCONF_dns_dnssec: 'true'`
Array type configs should be delimited with `;`| | `PIHOLE_UID` | `100` | Number | Overrides image's default pihole user id to match a host user id
**IMPORTANT**: id must not already be in use inside the container! | | `PIHOLE_GID` | `101` | Number | Overrides image's default pihole group id to match a host group id
**IMPORTANT**: id must not already be in use inside the container!| From f31b4694c8776302ff6907ec95966fa25e7051a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 29 Oct 2023 21:04:36 +0100 Subject: [PATCH 102/175] Delimter for array type FTLCONF_ values is ; MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- test/tests/test_bash_functions.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/tests/test_bash_functions.py b/test/tests/test_bash_functions.py index 9b5d2da..1511fb4 100644 --- a/test/tests/test_bash_functions.py +++ b/test/tests/test_bash_functions.py @@ -8,7 +8,7 @@ def test_ftlconf_webserver_port(docker): @pytest.mark.parametrize( - "test_args", ['-e "FTLCONF_dns_upstreams=1.2.3.4,5.6.7.8#1234"'] + "test_args", ['-e "FTLCONF_dns_upstreams=1.2.3.4;5.6.7.8#1234"'] ) def test_ftlconf_dns_upstreams(docker): func = docker.run("pihole-FTL --config dns.upstreams") From b688b46f13a0a9fa609e9d698458d2ce5633d974 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 30 Oct 2023 21:21:47 +0000 Subject: [PATCH 103/175] linux/arm64/v8 should be linux/arm64. This is a regression, added a note to make sure it does not happen again Signed-off-by: Adam Warner --- src/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Dockerfile b/src/Dockerfile index 028cd2f..b116c6f 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -47,7 +47,8 @@ RUN git clone --depth 1 --single-branch --branch ${WEB_BRANCH} https://github.co elif [ "$TARGETPLATFORM" = "linux/386" ]; then FTLARCH=386; \ elif [ "$TARGETPLATFORM" = "linux/arm/v6" ]; then FTLARCH=armv6; \ elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then FTLARCH=armv7; \ - elif [ "$TARGETPLATFORM" = "linux/arm64/v8" ]; then FTLARCH=arm64; \ + # Note for the future, "linux/arm6/v8" is not a valid value for TARGETPLATFORM, despite the CI platform name being that. + elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then FTLARCH=arm64; \ elif [ "$TARGETPLATFORM" = "linux/riscv64" ]; then FTLARCH=riscv64; \ else FTLARCH=amd64; fi \ && echo "Arch: ${TARGETPLATFORM}, FTLARCH: ${FTLARCH}" \ From 234dd6c849aac46d29bd029500df09ddfb2091ff Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 30 Oct 2023 21:46:46 +0000 Subject: [PATCH 104/175] Drop the /v8 from `linux/arm64/v8` https://github.com/docker/cli/blob/1f6a1a438c4ae426e446f17848114e58072af2bb/cli/command/manifest/util.go#L34 Signed-off-by: Adam Warner --- .github/workflows/build-and-publish.yml | 2 +- .github/workflows/build-and-test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 1ea7e29..02dab93 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -17,7 +17,7 @@ jobs: fail-fast: false matrix: registry: [dockerhub, ghcr] - platform: [linux/amd64, linux/386, linux/arm/v6, linux/arm/v7, linux/arm64/v8] + platform: [linux/amd64, linux/386, linux/arm/v6, linux/arm/v7, linux/arm64] container: [3.18] include: - registry: dockerhub diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index a087d2b..e5f2041 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -11,7 +11,7 @@ jobs: # Official docker images for docker are only available for amd64 and arm64 # TODO: Look at: https://github.com/docker-library/official-images#architectures-other-than-amd64 # Is testing on all platforms really necessary? - platform: [linux/amd64, linux/arm64/v8] + platform: [linux/amd64, linux/arm64] steps: - name: Checkout Repo uses: actions/checkout@v4 From 752c49e5deb99719263ef641773746c1bf73d669 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 30 Oct 2023 23:31:40 +0100 Subject: [PATCH 105/175] Install logrotate from repo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- src/Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/Dockerfile b/src/Dockerfile index b116c6f..d2f0518 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -61,6 +61,8 @@ RUN cd /etc/.pihole && \ install -Dm755 -t /opt/pihole gravity.sh && \ install -Dm755 -t /opt/pihole ./advanced/Scripts/*.sh && \ install -Dm755 -t /opt/pihole ./advanced/Scripts/COL_TABLE && \ + install -Dm755 -d /etc/pihole && \ + install -Dm755 -t /etc/pihole ./advanced/Templates/logrotate && \ install -Dm755 -t /usr/local/bin pihole && \ install -Dm644 ./advanced/bash-completion/pihole /etc/bash_completion.d/pihole && \ install -T -m 0755 ./advanced/Templates/pihole-FTL-prestart.sh /opt/pihole/pihole-FTL-prestart.sh && \ From c9e23f5a92b4187b21f424debbe6bcc6cf29df9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 30 Oct 2023 23:34:48 +0100 Subject: [PATCH 106/175] /etc/pihole is already created within the Dockerfile MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- src/bash_functions.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/src/bash_functions.sh b/src/bash_functions.sh index 0c69f51..61ccd11 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -43,7 +43,6 @@ ensure_basic_configuration() { touch /var/log/pihole/FTL.log /var/log/pihole/pihole.log chown -R pihole:pihole /var/run/pihole /var/log/pihole - mkdir -p /etc/pihole if [[ -z "${PYTEST}" ]]; then if [[ ! -f /etc/pihole/adlists.list ]]; then echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" >/etc/pihole/adlists.list From 06819bdd51c07370f328b468bf50b3c4781df98d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 31 Oct 2023 21:16:05 +0100 Subject: [PATCH 107/175] Install logrotate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- src/Dockerfile | 4 +++- src/bash_functions.sh | 3 --- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index d2f0518..c39caa0 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -22,6 +22,7 @@ RUN apk add --no-cache \ iproute2-ss \ jq \ libcap \ + logrotate \ ncurses \ nmap-ncat \ procps-ng \ @@ -62,7 +63,8 @@ RUN cd /etc/.pihole && \ install -Dm755 -t /opt/pihole ./advanced/Scripts/*.sh && \ install -Dm755 -t /opt/pihole ./advanced/Scripts/COL_TABLE && \ install -Dm755 -d /etc/pihole && \ - install -Dm755 -t /etc/pihole ./advanced/Templates/logrotate && \ + install -Dm644 -t /etc/pihole ./advanced/Templates/logrotate && \ + install -Dm755 -d /var/log/pihole && \ install -Dm755 -t /usr/local/bin pihole && \ install -Dm644 ./advanced/bash-completion/pihole /etc/bash_completion.d/pihole && \ install -T -m 0755 ./advanced/Templates/pihole-FTL-prestart.sh /opt/pihole/pihole-FTL-prestart.sh && \ diff --git a/src/bash_functions.sh b/src/bash_functions.sh index 61ccd11..8ef0d10 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -36,9 +36,6 @@ setFTLConfigValue() { ensure_basic_configuration() { echo " [i] Ensuring basic configuration by re-running select functions from basic-install.sh" - # TODO: - # installLogrotate || true #installLogRotate can return 2 or 3, but we are still OK to continue in that case - mkdir -p /var/run/pihole /var/log/pihole touch /var/log/pihole/FTL.log /var/log/pihole/pihole.log chown -R pihole:pihole /var/run/pihole /var/log/pihole From 822a9c515e089fdb2bce3e7b3c42140f1ab9bcf0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 31 Oct 2023 21:15:01 +0000 Subject: [PATCH 108/175] Bump black from 22.8.0 to 23.10.1 in /test Bumps [black](https://github.com/psf/black) from 22.8.0 to 23.10.1. - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](https://github.com/psf/black/compare/22.8.0...23.10.1) --- updated-dependencies: - dependency-name: black dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- test/Pipfile | 2 +- test/Pipfile.lock | 131 ++++++++++++++++++++++------------------------ 2 files changed, 63 insertions(+), 70 deletions(-) diff --git a/test/Pipfile b/test/Pipfile index fb06662..dca5dc6 100644 --- a/test/Pipfile +++ b/test/Pipfile @@ -9,7 +9,7 @@ verify_ssl = true pytest = "==7.1.3" pytest-xdist = "==2.5.0" pytest-testinfra = "==6.8.0" -black = "==22.8.0" +black = "==23.10.1" [requires] python_version = "3" diff --git a/test/Pipfile.lock b/test/Pipfile.lock index bd77a00..1e0bbbb 100644 --- a/test/Pipfile.lock +++ b/test/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "7cd0c8140d8505e7613e9bf2a9853aaf7cb08a1f100f49db0bec1b94b93be3e1" + "sha256": "927e5435865842ecaced4522126b3e2483cca379394383f8d8a37eedb63f6b51" }, "pipfile-spec": 6, "requires": { @@ -18,102 +18,100 @@ "default": { "attrs": { "hashes": [ - "sha256:29adc2665447e5191d0e7c568fde78b21f9672d344281d0c6e1ab085429b22b6", - "sha256:86efa402f67bf2df34f51a335487cf46b1ec130d02b8d39fd248abfd30da551c" + "sha256:1f28b4522cdc2fb4256ac1a020c78acf9cba2c6b461ccd2c126f3aa8e8335d04", + "sha256:6279836d581513a26f1bf235f9acd333bc9115683f14f7e8fae46c98fc50e015" ], - "markers": "python_version >= '3.5'", - "version": "==22.1.0" + "markers": "python_version >= '3.7'", + "version": "==23.1.0" }, "black": { "hashes": [ - "sha256:0a12e4e1353819af41df998b02c6742643cfef58282915f781d0e4dd7a200411", - "sha256:0ad827325a3a634bae88ae7747db1a395d5ee02cf05d9aa7a9bd77dfb10e940c", - "sha256:32a4b17f644fc288c6ee2bafdf5e3b045f4eff84693ac069d87b1a347d861497", - "sha256:3b2c25f8dea5e8444bdc6788a2f543e1fb01494e144480bc17f806178378005e", - "sha256:4a098a69a02596e1f2a58a2a1c8d5a05d5a74461af552b371e82f9fa4ada8342", - "sha256:5107ea36b2b61917956d018bd25129baf9ad1125e39324a9b18248d362156a27", - "sha256:53198e28a1fb865e9fe97f88220da2e44df6da82b18833b588b1883b16bb5d41", - "sha256:5594efbdc35426e35a7defa1ea1a1cb97c7dbd34c0e49af7fb593a36bd45edab", - "sha256:5b879eb439094751185d1cfdca43023bc6786bd3c60372462b6f051efa6281a5", - "sha256:78dd85caaab7c3153054756b9fe8c611efa63d9e7aecfa33e533060cb14b6d16", - "sha256:792f7eb540ba9a17e8656538701d3eb1afcb134e3b45b71f20b25c77a8db7e6e", - "sha256:8ce13ffed7e66dda0da3e0b2eb1bdfc83f5812f66e09aca2b0978593ed636b6c", - "sha256:a05da0430bd5ced89176db098567973be52ce175a55677436a271102d7eaa3fe", - "sha256:a983526af1bea1e4cf6768e649990f28ee4f4137266921c2c3cee8116ae42ec3", - "sha256:bc4d4123830a2d190e9cc42a2e43570f82ace35c3aeb26a512a2102bce5af7ec", - "sha256:c3a73f66b6d5ba7288cd5d6dad9b4c9b43f4e8a4b789a94bf5abfb878c663eb3", - "sha256:ce957f1d6b78a8a231b18e0dd2d94a33d2ba738cd88a7fe64f53f659eea49fdd", - "sha256:cea1b2542d4e2c02c332e83150e41e3ca80dc0fb8de20df3c5e98e242156222c", - "sha256:d2c21d439b2baf7aa80d6dd4e3659259be64c6f49dfd0f32091063db0e006db4", - "sha256:d839150f61d09e7217f52917259831fe2b689f5c8e5e32611736351b89bb2a90", - "sha256:dd82842bb272297503cbec1a2600b6bfb338dae017186f8f215c8958f8acf869", - "sha256:e8166b7bfe5dcb56d325385bd1d1e0f635f24aae14b3ae437102dedc0c186747", - "sha256:e981e20ec152dfb3e77418fb616077937378b322d7b26aa1ff87717fb18b4875" + "sha256:037e9b4664cafda5f025a1728c50a9e9aedb99a759c89f760bd83730e76ba884", + "sha256:1b917a2aa020ca600483a7b340c165970b26e9029067f019e3755b56e8dd5916", + "sha256:1f8ce316753428ff68749c65a5f7844631aa18c8679dfd3ca9dc1a289979c258", + "sha256:33d40f5b06be80c1bbce17b173cda17994fbad096ce60eb22054da021bf933d1", + "sha256:3f157a8945a7b2d424da3335f7ace89c14a3b0625e6593d21139c2d8214d55ce", + "sha256:5ed45ac9a613fb52dad3b61c8dea2ec9510bf3108d4db88422bacc7d1ba1243d", + "sha256:6d23d7822140e3fef190734216cefb262521789367fbdc0b3f22af6744058982", + "sha256:7670242e90dc129c539e9ca17665e39a146a761e681805c54fbd86015c7c84f7", + "sha256:7b4d10b0f016616a0d93d24a448100adf1699712fb7a4efd0e2c32bbb219b173", + "sha256:7cb5936e686e782fddb1c73f8aa6f459e1ad38a6a7b0e54b403f1f05a1507ee9", + "sha256:7d56124b7a61d092cb52cce34182a5280e160e6aff3137172a68c2c2c4b76bcb", + "sha256:840015166dbdfbc47992871325799fd2dc0dcf9395e401ada6d88fe11498abad", + "sha256:9c74de4c77b849e6359c6f01987e94873c707098322b91490d24296f66d067dc", + "sha256:b15b75fc53a2fbcac8a87d3e20f69874d161beef13954747e053bca7a1ce53a0", + "sha256:cfcce6f0a384d0da692119f2d72d79ed07c7159879d0bb1bb32d2e443382bf3a", + "sha256:d431e6739f727bb2e0495df64a6c7a5310758e87505f5f8cde9ff6c0f2d7e4fe", + "sha256:e293e4c2f4a992b980032bbd62df07c1bcff82d6964d6c9496f2cd726e246ace", + "sha256:ec3f8e6234c4e46ff9e16d9ae96f4ef69fa328bb4ad08198c8cee45bb1f08c69" ], "index": "pypi", - "version": "==22.8.0" + "markers": "python_version >= '3.8'", + "version": "==23.10.1" }, "click": { "hashes": [ - "sha256:7682dc8afb30297001674575ea00d1814d808d6a36af415a82bd481d37ba7b8e", - "sha256:bb4d8133cb15a609f44e8213d9b391b0809795062913b383c62be0ee95b1db48" + "sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28", + "sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de" ], "markers": "python_version >= '3.7'", - "version": "==8.1.3" + "version": "==8.1.7" }, "execnet": { "hashes": [ - "sha256:8f694f3ba9cc92cab508b152dcfe322153975c29bda272e2fd7f3f00f36e47c5", - "sha256:a295f7cc774947aac58dde7fdc85f4aa00c42adf5d8f5468fc630c1acf30a142" + "sha256:88256416ae766bc9e8895c76a87928c0012183da3cc4fc18016e6f050e025f41", + "sha256:cc59bc4423742fd71ad227122eb0dd44db51efb3dc4095b45ac9a08c770096af" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==1.9.0" + "markers": "python_version >= '3.7'", + "version": "==2.0.2" }, "iniconfig": { "hashes": [ - "sha256:011e24c64b7f47f6ebd835bb12a743f2fbe9a26d4cecaa7f53bc4f35ee9da8b3", - "sha256:bc3af051d7d14b2ee5ef9969666def0cd1a000e121eaea580d4a313df4b37f32" + "sha256:2d91e135bf72d31a410b17c16da610a82cb55f6b0477d1a902134b24a455b8b3", + "sha256:b6a85871a79d2e3b22d2d1b94ac2824226a63c6b741c88f7ae975f18b6778374" ], - "version": "==1.1.1" + "markers": "python_version >= '3.7'", + "version": "==2.0.0" }, "mypy-extensions": { "hashes": [ - "sha256:090fedd75945a69ae91ce1303b5824f428daf5a028d2f6ab8a299250a846f15d", - "sha256:2d82818f5bb3e369420cb3c4060a7970edba416647068eb4c5343488a6c604a8" + "sha256:4392f6c0eb8a5668a69e23d168ffa70f0be9ccfd32b5cc2d26a34ae5b844552d", + "sha256:75dbf8955dc00442a438fc4d0666508a9a97b6bd41aa2f0ffe9d2f2725af0782" ], - "version": "==0.4.3" + "markers": "python_version >= '3.5'", + "version": "==1.0.0" }, "packaging": { "hashes": [ - "sha256:dd47c42927d89ab911e606518907cc2d3a1f38bbd026385970643f9c5b8ecfeb", - "sha256:ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522" + "sha256:048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5", + "sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7" ], - "markers": "python_version >= '3.6'", - "version": "==21.3" + "markers": "python_version >= '3.7'", + "version": "==23.2" }, "pathspec": { "hashes": [ - "sha256:46846318467efc4556ccfd27816e004270a9eeeeb4d062ce5e6fc7a87c573f93", - "sha256:7ace6161b621d31e7902eb6b5ae148d12cfd23f4a249b9ffb6b9fee12084323d" + "sha256:1d6ed233af05e679efb96b1851550ea95bbb64b7c490b0f5aa52996c11e92a20", + "sha256:e0d8d0ac2f12da61956eb2306b69f9469b42f4deb0f3cb6ed47b9cce9996ced3" ], "markers": "python_version >= '3.7'", - "version": "==0.10.1" + "version": "==0.11.2" }, "platformdirs": { "hashes": [ - "sha256:027d8e83a2d7de06bbac4e5ef7e023c02b863d7ea5d079477e722bb41ab25788", - "sha256:58c8abb07dcb441e6ee4b11d8df0ac856038f944ab98b7be6b27b2a3c7feef19" + "sha256:cf8ee52a3afdb965072dcc652433e0c7e3e40cf5ea1477cd4b3b1d2eb75495b3", + "sha256:e9d171d00af68be50e9202731309c4e658fd8bc76f55c11c7dd760d023bda68e" ], "markers": "python_version >= '3.7'", - "version": "==2.5.2" + "version": "==3.11.0" }, "pluggy": { "hashes": [ - "sha256:4224373bacce55f955a878bf9cfa763c1e360858e330072059e10bad68531159", - "sha256:74134bbf457f031a36d68416e1509f34bd5ccc019f0bcc952c7b909d06b37bd3" + "sha256:cf61ae8f126ac6f7c451172cf30e3e43d3ca77615509771b3a984a0730651e12", + "sha256:d89c696a773f8bd377d18e5ecda92b7a3793cbe66c87060a6fb58c7b6e1061f7" ], - "markers": "python_version >= '3.6'", - "version": "==1.0.0" + "markers": "python_version >= '3.8'", + "version": "==1.3.0" }, "py": { "hashes": [ @@ -123,29 +121,22 @@ "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==1.11.0" }, - "pyparsing": { - "hashes": [ - "sha256:2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb", - "sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc" - ], - "markers": "python_full_version >= '3.6.8'", - "version": "==3.0.9" - }, "pytest": { "hashes": [ "sha256:1377bda3466d70b55e3f5cecfa55bb7cfcf219c7964629b967c37cf0bda818b7", "sha256:4f365fec2dff9c1162f834d9f18af1ba13062db0c708bf7b946f8a5c76180c39" ], "index": "pypi", + "markers": "python_version >= '3.7'", "version": "==7.1.3" }, "pytest-forked": { "hashes": [ - "sha256:8b67587c8f98cbbadfdd804539ed5455b6ed03802203485dd2f53c1422d7440e", - "sha256:bbbb6717efc886b9d64537b41fb1497cfaf3c9601276be8da2cccfea5a3c8ad8" + "sha256:4dafd46a9a600f65d822b8f605133ecf5b3e1941ebb3588e943b4e3eb71a5a3f", + "sha256:810958f66a91afb1a1e2ae83089d8dc1cd2437ac96b12963042fbb9fb4d16af0" ], - "markers": "python_version >= '3.6'", - "version": "==1.4.0" + "markers": "python_version >= '3.7'", + "version": "==1.6.0" }, "pytest-testinfra": { "hashes": [ @@ -153,6 +144,7 @@ "sha256:56ac1dfc61342632a1189091473e253db1a3cdcecce0d49d6a769f33cd264814" ], "index": "pypi", + "markers": "python_version >= '3.6'", "version": "==6.8.0" }, "pytest-xdist": { @@ -161,6 +153,7 @@ "sha256:6fe5c74fec98906deb8f2d2b616b5c782022744978e7bd4695d39c8f42d0ce65" ], "index": "pypi", + "markers": "python_version >= '3.6'", "version": "==2.5.0" }, "tomli": { @@ -168,7 +161,7 @@ "sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc", "sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f" ], - "markers": "python_full_version < '3.11.0a7'", + "markers": "python_version >= '3.7'", "version": "==2.0.1" } }, From ae85a85d12a9aea50185ce4ce38d3226994f83e3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Nov 2023 17:26:35 +0000 Subject: [PATCH 109/175] Bump pytest-testinfra from 6.8.0 to 9.0.0 in /test Bumps [pytest-testinfra](https://github.com/pytest-dev/pytest-testinfra) from 6.8.0 to 9.0.0. - [Release notes](https://github.com/pytest-dev/pytest-testinfra/releases) - [Changelog](https://github.com/pytest-dev/pytest-testinfra/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-testinfra/compare/6.8.0...9.0.0) --- updated-dependencies: - dependency-name: pytest-testinfra dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- test/Pipfile | 2 +- test/Pipfile.lock | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/test/Pipfile b/test/Pipfile index dca5dc6..ce08a70 100644 --- a/test/Pipfile +++ b/test/Pipfile @@ -8,7 +8,7 @@ verify_ssl = true [packages] pytest = "==7.1.3" pytest-xdist = "==2.5.0" -pytest-testinfra = "==6.8.0" +pytest-testinfra = "==9.0.0" black = "==23.10.1" [requires] diff --git a/test/Pipfile.lock b/test/Pipfile.lock index 1e0bbbb..a0b8ca1 100644 --- a/test/Pipfile.lock +++ b/test/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "927e5435865842ecaced4522126b3e2483cca379394383f8d8a37eedb63f6b51" + "sha256": "633c516981d07e05e2b06eeaeb63b2569656a4f55a2b08c5da10ccc355298715" }, "pipfile-spec": 6, "requires": { @@ -140,12 +140,12 @@ }, "pytest-testinfra": { "hashes": [ - "sha256:07c8c2c472aca7d83099ebc5f850d383721cd654b66c60ffbb145e45e584ff99", - "sha256:56ac1dfc61342632a1189091473e253db1a3cdcecce0d49d6a769f33cd264814" + "sha256:2cb0fab78c17ed68edc3c812ef68905e19665060f94ce0f1601f5cd0ea4d258c", + "sha256:5311b369e0546920fce464c3bf945b55ebe75a127568f6d615e94b8891340149" ], "index": "pypi", - "markers": "python_version >= '3.6'", - "version": "==6.8.0" + "markers": "python_version >= '3.9'", + "version": "==9.0.0" }, "pytest-xdist": { "hashes": [ From cecdae4dbd9a3085f51e530c28beed4539f20cbf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Nov 2023 17:42:04 +0000 Subject: [PATCH 110/175] Bump pytest-xdist from 2.5.0 to 3.3.1 in /test Bumps [pytest-xdist](https://github.com/pytest-dev/pytest-xdist) from 2.5.0 to 3.3.1. - [Changelog](https://github.com/pytest-dev/pytest-xdist/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-xdist/compare/v2.5.0...v3.3.1) --- updated-dependencies: - dependency-name: pytest-xdist dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- test/Pipfile | 2 +- test/Pipfile.lock | 18 +++++------------- 2 files changed, 6 insertions(+), 14 deletions(-) diff --git a/test/Pipfile b/test/Pipfile index ce08a70..ead516b 100644 --- a/test/Pipfile +++ b/test/Pipfile @@ -7,7 +7,7 @@ verify_ssl = true [packages] pytest = "==7.1.3" -pytest-xdist = "==2.5.0" +pytest-xdist = "==3.3.1" pytest-testinfra = "==9.0.0" black = "==23.10.1" diff --git a/test/Pipfile.lock b/test/Pipfile.lock index a0b8ca1..3ff96d4 100644 --- a/test/Pipfile.lock +++ b/test/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "633c516981d07e05e2b06eeaeb63b2569656a4f55a2b08c5da10ccc355298715" + "sha256": "e61d4fb1f584576e4fca35876d4622d4771b3cfc12f686511dac723fe4763b71" }, "pipfile-spec": 6, "requires": { @@ -130,14 +130,6 @@ "markers": "python_version >= '3.7'", "version": "==7.1.3" }, - "pytest-forked": { - "hashes": [ - "sha256:4dafd46a9a600f65d822b8f605133ecf5b3e1941ebb3588e943b4e3eb71a5a3f", - "sha256:810958f66a91afb1a1e2ae83089d8dc1cd2437ac96b12963042fbb9fb4d16af0" - ], - "markers": "python_version >= '3.7'", - "version": "==1.6.0" - }, "pytest-testinfra": { "hashes": [ "sha256:2cb0fab78c17ed68edc3c812ef68905e19665060f94ce0f1601f5cd0ea4d258c", @@ -149,12 +141,12 @@ }, "pytest-xdist": { "hashes": [ - "sha256:4580deca3ff04ddb2ac53eba39d76cb5dd5edeac050cb6fbc768b0dd712b4edf", - "sha256:6fe5c74fec98906deb8f2d2b616b5c782022744978e7bd4695d39c8f42d0ce65" + "sha256:d5ee0520eb1b7bcca50a60a518ab7a7707992812c578198f8b44fdfac78e8c93", + "sha256:ff9daa7793569e6a68544850fd3927cd257cc03a7ef76c95e86915355e82b5f2" ], "index": "pypi", - "markers": "python_version >= '3.6'", - "version": "==2.5.0" + "markers": "python_version >= '3.7'", + "version": "==3.3.1" }, "tomli": { "hashes": [ From a651b0bfabf2bdbd92c9f938b648a527155f9072 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Nov 2023 17:46:30 +0000 Subject: [PATCH 111/175] Bump pytest from 7.1.3 to 7.4.3 in /test Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.1.3 to 7.4.3. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/7.1.3...7.4.3) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- test/Pipfile | 2 +- test/Pipfile.lock | 32 ++++---------------------------- 2 files changed, 5 insertions(+), 29 deletions(-) diff --git a/test/Pipfile b/test/Pipfile index ead516b..d8593b1 100644 --- a/test/Pipfile +++ b/test/Pipfile @@ -6,7 +6,7 @@ verify_ssl = true [dev-packages] [packages] -pytest = "==7.1.3" +pytest = "==7.4.3" pytest-xdist = "==3.3.1" pytest-testinfra = "==9.0.0" black = "==23.10.1" diff --git a/test/Pipfile.lock b/test/Pipfile.lock index 3ff96d4..ce3f9a4 100644 --- a/test/Pipfile.lock +++ b/test/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "e61d4fb1f584576e4fca35876d4622d4771b3cfc12f686511dac723fe4763b71" + "sha256": "f2bf7737e9c805fd250dec676cd4e43deffb85a1b8d709b2817cefafcecf8ab6" }, "pipfile-spec": 6, "requires": { @@ -16,14 +16,6 @@ ] }, "default": { - "attrs": { - "hashes": [ - "sha256:1f28b4522cdc2fb4256ac1a020c78acf9cba2c6b461ccd2c126f3aa8e8335d04", - "sha256:6279836d581513a26f1bf235f9acd333bc9115683f14f7e8fae46c98fc50e015" - ], - "markers": "python_version >= '3.7'", - "version": "==23.1.0" - }, "black": { "hashes": [ "sha256:037e9b4664cafda5f025a1728c50a9e9aedb99a759c89f760bd83730e76ba884", @@ -113,22 +105,14 @@ "markers": "python_version >= '3.8'", "version": "==1.3.0" }, - "py": { - "hashes": [ - "sha256:51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719", - "sha256:607c53218732647dff4acdfcd50cb62615cedf612e72d1724fb1a0cc6405b378" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==1.11.0" - }, "pytest": { "hashes": [ - "sha256:1377bda3466d70b55e3f5cecfa55bb7cfcf219c7964629b967c37cf0bda818b7", - "sha256:4f365fec2dff9c1162f834d9f18af1ba13062db0c708bf7b946f8a5c76180c39" + "sha256:0d009c083ea859a71b76adf7c1d502e4bc170b80a8ef002da5806527b9591fac", + "sha256:d989d136982de4e3b29dabcc838ad581c64e8ed52c11fbe86ddebd9da0818cd5" ], "index": "pypi", "markers": "python_version >= '3.7'", - "version": "==7.1.3" + "version": "==7.4.3" }, "pytest-testinfra": { "hashes": [ @@ -147,14 +131,6 @@ "index": "pypi", "markers": "python_version >= '3.7'", "version": "==3.3.1" - }, - "tomli": { - "hashes": [ - "sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc", - "sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f" - ], - "markers": "python_version >= '3.7'", - "version": "==2.0.1" } }, "develop": {} From 23fe63dff6f8122eb3f4c5f3fa42a1ffab001b8a Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 29 Oct 2023 20:42:21 +0000 Subject: [PATCH 112/175] Get rid of the SKIPGRAVITYONBOOT environment variable. Instead, only run gravity on a fresh volume if the gravity database does not exist. There isn't really any need for gravity to be updated on every start (current default behaviour) This will still run the gravity migration scripts on every boot if the gravity database exists Signed-off-by: Adam Warner --- README.md | 1 - src/start.sh | 13 ++----------- 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 9ed7270..be83bf1 100644 --- a/README.md +++ b/README.md @@ -89,7 +89,6 @@ To explicitly set no password, set `FTLCONF_webserver_api_password: ''` | Variable | Default | Value | Description | | -------- | ------- | ----- | ---------- | | `TAIL_FTL_LOG` | unset | `` | Whether or not to output the FTL log when running the. Useful for debugging/watching what FTL is doing. -| `SKIPGRAVITYONBOOT` | unset | `` | Use this option to skip updating the Gravity Database when booting up the container. By default this environment variable is not set so the Gravity Database will be updated when the container starts up. Setting this environment variable to 1 (or anything) will cause the Gravity Database to not be updated when container starts up. | `FTLCONF_[SETTING]` | unset | As per documentation | Customize pihole.toml with settings described in the . Replace `.` with `_`, e.g for `dns.dnssec=true` use `FTLCONF_dns_dnssec: 'true'`
Array type configs should be delimited with `;`| | `PIHOLE_UID` | `100` | Number | Overrides image's default pihole user id to match a host user id
**IMPORTANT**: id must not already be in use inside the container! | | `PIHOLE_GID` | `101` | Number | Overrides image's default pihole group id to match a host group id
**IMPORTANT**: id must not already be in use inside the container!| diff --git a/src/start.sh b/src/start.sh index 66a0792..89d2635 100644 --- a/src/start.sh +++ b/src/start.sh @@ -83,23 +83,14 @@ start() { gravityDBfile=$(getFTLConfigValue files.gravity) if [ ! -f "${gravityDBfile}" ]; then - if [ -n "${SKIPGRAVITYONBOOT}" ]; then - echo " SKIPGRAVITYONBOOT is set, however ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate." - echo " Ignoring SKIPGRAVITYONBOOT on this occasion." - unset SKIPGRAVITYONBOOT - fi + echo " [i] ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate." + pihole -g else # TODO: Revisit this path if we move to a multistage build source /etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh upgrade_gravityDB "${gravityDBfile}" "/etc/pihole" fi - if [ -n "${SKIPGRAVITYONBOOT}" ]; then - echo " [i] Skipping Gravity Database Update." - else - pihole -g - fi - pihole updatechecker echo " [i] Docker start setup complete" From 8a6bda4a897c3ef3d0c422673d728ecb6bfe467e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 3 Nov 2023 22:05:29 +0100 Subject: [PATCH 113/175] Create dir for logrotate statefile MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- src/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Dockerfile b/src/Dockerfile index c39caa0..869dadc 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -65,6 +65,7 @@ RUN cd /etc/.pihole && \ install -Dm755 -d /etc/pihole && \ install -Dm644 -t /etc/pihole ./advanced/Templates/logrotate && \ install -Dm755 -d /var/log/pihole && \ + install -Dm755 -d /var/lib/logrotate && \ install -Dm755 -t /usr/local/bin pihole && \ install -Dm644 ./advanced/bash-completion/pihole /etc/bash_completion.d/pihole && \ install -T -m 0755 ./advanced/Templates/pihole-FTL-prestart.sh /opt/pihole/pihole-FTL-prestart.sh && \ From 7f89be5b1d7b60f9dbbc6285f82826b181951905 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 6 Nov 2023 21:43:42 +0000 Subject: [PATCH 114/175] install the logrotate file into /etc/pihole at startup in case of volume mounting Signed-off-by: Adam Warner --- src/bash_functions.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/bash_functions.sh b/src/bash_functions.sh index 8ef0d10..c779e8c 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -40,6 +40,7 @@ ensure_basic_configuration() { touch /var/log/pihole/FTL.log /var/log/pihole/pihole.log chown -R pihole:pihole /var/run/pihole /var/log/pihole + if [[ -z "${PYTEST}" ]]; then if [[ ! -f /etc/pihole/adlists.list ]]; then echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" >/etc/pihole/adlists.list @@ -54,6 +55,11 @@ ensure_basic_configuration() { setFTLConfigValue "files.macvendor" "/macvendor.db" chown pihole:pihole /macvendor.db fi + + # Install the logrotate config file - this is done already in Dockerfile + # but if a user has mounted a volume over /etc/pihole, it will have been lost + # pihole-FTL-prestart.sh will set the ownership of the file to root:root + install -Dm644 -t /etc/pihole /etc/.pihole/advanced/Templates/logrotate } setup_web_password() { From 022c0cc953dd721deb0dec4c08f12a8e2efdf7cf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 18 Nov 2023 10:08:58 +0000 Subject: [PATCH 115/175] Bump pytest-testinfra from 9.0.0 to 10.0.0 in /test Bumps [pytest-testinfra](https://github.com/pytest-dev/pytest-testinfra) from 9.0.0 to 10.0.0. - [Release notes](https://github.com/pytest-dev/pytest-testinfra/releases) - [Changelog](https://github.com/pytest-dev/pytest-testinfra/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-testinfra/compare/9.0.0...10.0.0) --- updated-dependencies: - dependency-name: pytest-testinfra dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- test/Pipfile | 2 +- test/Pipfile.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/test/Pipfile b/test/Pipfile index d8593b1..ff5bf80 100644 --- a/test/Pipfile +++ b/test/Pipfile @@ -8,7 +8,7 @@ verify_ssl = true [packages] pytest = "==7.4.3" pytest-xdist = "==3.3.1" -pytest-testinfra = "==9.0.0" +pytest-testinfra = "==10.0.0" black = "==23.10.1" [requires] diff --git a/test/Pipfile.lock b/test/Pipfile.lock index ce3f9a4..0a3f706 100644 --- a/test/Pipfile.lock +++ b/test/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "f2bf7737e9c805fd250dec676cd4e43deffb85a1b8d709b2817cefafcecf8ab6" + "sha256": "96a108f3e31d48b8881751ed35e434d64a687b450a97f2fec5b1136cece7de49" }, "pipfile-spec": 6, "requires": { @@ -116,12 +116,12 @@ }, "pytest-testinfra": { "hashes": [ - "sha256:2cb0fab78c17ed68edc3c812ef68905e19665060f94ce0f1601f5cd0ea4d258c", - "sha256:5311b369e0546920fce464c3bf945b55ebe75a127568f6d615e94b8891340149" + "sha256:03be2824aece7a5eda8bb4f9dbed4d8c821efcfbbc13e13df17f392c229a44ed", + "sha256:2fb7d0185458a9ba669ff14d0ddbec8b3900c6bde3fb6fad9b097374ce4ab77d" ], "index": "pypi", "markers": "python_version >= '3.9'", - "version": "==9.0.0" + "version": "==10.0.0" }, "pytest-xdist": { "hashes": [ From 69f06b85bb4a6227eedf9538dfdac7d69220969b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 18 Nov 2023 10:46:00 +0000 Subject: [PATCH 116/175] Bump pytest-xdist from 3.3.1 to 3.4.0 in /test Bumps [pytest-xdist](https://github.com/pytest-dev/pytest-xdist) from 3.3.1 to 3.4.0. - [Changelog](https://github.com/pytest-dev/pytest-xdist/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-xdist/compare/v3.3.1...v3.4.0) --- updated-dependencies: - dependency-name: pytest-xdist dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- test/Pipfile | 2 +- test/Pipfile.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/test/Pipfile b/test/Pipfile index ff5bf80..d0e19f5 100644 --- a/test/Pipfile +++ b/test/Pipfile @@ -7,7 +7,7 @@ verify_ssl = true [packages] pytest = "==7.4.3" -pytest-xdist = "==3.3.1" +pytest-xdist = "==3.4.0" pytest-testinfra = "==10.0.0" black = "==23.10.1" diff --git a/test/Pipfile.lock b/test/Pipfile.lock index 0a3f706..1df55a7 100644 --- a/test/Pipfile.lock +++ b/test/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "96a108f3e31d48b8881751ed35e434d64a687b450a97f2fec5b1136cece7de49" + "sha256": "9c1a310e67e3c03f5e510d23cbcf0157633817d9ad8ae642e9df4f140680f3de" }, "pipfile-spec": 6, "requires": { @@ -125,12 +125,12 @@ }, "pytest-xdist": { "hashes": [ - "sha256:d5ee0520eb1b7bcca50a60a518ab7a7707992812c578198f8b44fdfac78e8c93", - "sha256:ff9daa7793569e6a68544850fd3927cd257cc03a7ef76c95e86915355e82b5f2" + "sha256:3a94a931dd9e268e0b871a877d09fe2efb6175c2c23d60d56a6001359002b832", + "sha256:e513118bf787677a427e025606f55e95937565e06dfaac8d87f55301e57ae607" ], "index": "pypi", "markers": "python_version >= '3.7'", - "version": "==3.3.1" + "version": "==3.4.0" } }, "develop": {} From cb38658a93466efdecee71debb9ba41718716c0d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 18 Nov 2023 10:49:49 +0000 Subject: [PATCH 117/175] Bump black from 23.10.1 to 23.11.0 in /test Bumps [black](https://github.com/psf/black) from 23.10.1 to 23.11.0. - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](https://github.com/psf/black/compare/23.10.1...23.11.0) --- updated-dependencies: - dependency-name: black dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- test/Pipfile | 2 +- test/Pipfile.lock | 46 +++++++++++++++++++++++----------------------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/test/Pipfile b/test/Pipfile index d0e19f5..d6e7db8 100644 --- a/test/Pipfile +++ b/test/Pipfile @@ -9,7 +9,7 @@ verify_ssl = true pytest = "==7.4.3" pytest-xdist = "==3.4.0" pytest-testinfra = "==10.0.0" -black = "==23.10.1" +black = "==23.11.0" [requires] python_version = "3" diff --git a/test/Pipfile.lock b/test/Pipfile.lock index 1df55a7..ebbbe4c 100644 --- a/test/Pipfile.lock +++ b/test/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "9c1a310e67e3c03f5e510d23cbcf0157633817d9ad8ae642e9df4f140680f3de" + "sha256": "01d44ce8ca8a848c811304bca6e4810820a8f31ae7a6c6152ccc1469b9f1caf6" }, "pipfile-spec": 6, "requires": { @@ -18,28 +18,28 @@ "default": { "black": { "hashes": [ - "sha256:037e9b4664cafda5f025a1728c50a9e9aedb99a759c89f760bd83730e76ba884", - "sha256:1b917a2aa020ca600483a7b340c165970b26e9029067f019e3755b56e8dd5916", - "sha256:1f8ce316753428ff68749c65a5f7844631aa18c8679dfd3ca9dc1a289979c258", - "sha256:33d40f5b06be80c1bbce17b173cda17994fbad096ce60eb22054da021bf933d1", - "sha256:3f157a8945a7b2d424da3335f7ace89c14a3b0625e6593d21139c2d8214d55ce", - "sha256:5ed45ac9a613fb52dad3b61c8dea2ec9510bf3108d4db88422bacc7d1ba1243d", - "sha256:6d23d7822140e3fef190734216cefb262521789367fbdc0b3f22af6744058982", - "sha256:7670242e90dc129c539e9ca17665e39a146a761e681805c54fbd86015c7c84f7", - "sha256:7b4d10b0f016616a0d93d24a448100adf1699712fb7a4efd0e2c32bbb219b173", - "sha256:7cb5936e686e782fddb1c73f8aa6f459e1ad38a6a7b0e54b403f1f05a1507ee9", - "sha256:7d56124b7a61d092cb52cce34182a5280e160e6aff3137172a68c2c2c4b76bcb", - "sha256:840015166dbdfbc47992871325799fd2dc0dcf9395e401ada6d88fe11498abad", - "sha256:9c74de4c77b849e6359c6f01987e94873c707098322b91490d24296f66d067dc", - "sha256:b15b75fc53a2fbcac8a87d3e20f69874d161beef13954747e053bca7a1ce53a0", - "sha256:cfcce6f0a384d0da692119f2d72d79ed07c7159879d0bb1bb32d2e443382bf3a", - "sha256:d431e6739f727bb2e0495df64a6c7a5310758e87505f5f8cde9ff6c0f2d7e4fe", - "sha256:e293e4c2f4a992b980032bbd62df07c1bcff82d6964d6c9496f2cd726e246ace", - "sha256:ec3f8e6234c4e46ff9e16d9ae96f4ef69fa328bb4ad08198c8cee45bb1f08c69" + "sha256:250d7e60f323fcfc8ea6c800d5eba12f7967400eb6c2d21ae85ad31c204fb1f4", + "sha256:2a9acad1451632021ee0d146c8765782a0c3846e0e0ea46659d7c4f89d9b212b", + "sha256:412f56bab20ac85927f3a959230331de5614aecda1ede14b373083f62ec24e6f", + "sha256:421f3e44aa67138ab1b9bfbc22ee3780b22fa5b291e4db8ab7eee95200726b07", + "sha256:45aa1d4675964946e53ab81aeec7a37613c1cb71647b5394779e6efb79d6d187", + "sha256:4c44b7211a3a0570cc097e81135faa5f261264f4dfaa22bd5ee2875a4e773bd6", + "sha256:4c68855825ff432d197229846f971bc4d6666ce90492e5b02013bcaca4d9ab05", + "sha256:5133f5507007ba08d8b7b263c7aa0f931af5ba88a29beacc4b2dc23fcefe9c06", + "sha256:54caaa703227c6e0c87b76326d0862184729a69b73d3b7305b6288e1d830067e", + "sha256:58e5f4d08a205b11800332920e285bd25e1a75c54953e05502052738fe16b3b5", + "sha256:698c1e0d5c43354ec5d6f4d914d0d553a9ada56c85415700b81dc90125aac244", + "sha256:6c1cac07e64433f646a9a838cdc00c9768b3c362805afc3fce341af0e6a9ae9f", + "sha256:760415ccc20f9e8747084169110ef75d545f3b0932ee21368f63ac0fee86b221", + "sha256:7f622b6822f02bfaf2a5cd31fdb7cd86fcf33dab6ced5185c35f5db98260b055", + "sha256:cf57719e581cfd48c4efe28543fea3d139c6b6f1238b3f0102a9c73992cbb479", + "sha256:d136ef5b418c81660ad847efe0e55c58c8208b77a57a28a503a5f345ccf01394", + "sha256:dbea0bb8575c6b6303cc65017b46351dc5953eea5c0a59d7b7e3a2d2f433a911", + "sha256:fc7f6a44d52747e65a02558e1d807c82df1d66ffa80a601862040a43ec2e3142" ], "index": "pypi", "markers": "python_version >= '3.8'", - "version": "==23.10.1" + "version": "==23.11.0" }, "click": { "hashes": [ @@ -91,11 +91,11 @@ }, "platformdirs": { "hashes": [ - "sha256:cf8ee52a3afdb965072dcc652433e0c7e3e40cf5ea1477cd4b3b1d2eb75495b3", - "sha256:e9d171d00af68be50e9202731309c4e658fd8bc76f55c11c7dd760d023bda68e" + "sha256:118c954d7e949b35437270383a3f2531e99dd93cf7ce4dc8340d3356d30f173b", + "sha256:cb633b2bcf10c51af60beb0ab06d2f1d69064b43abf4c185ca6b28865f3f9731" ], "markers": "python_version >= '3.7'", - "version": "==3.11.0" + "version": "==4.0.0" }, "pluggy": { "hashes": [ From 6842f000c18c239cdca77b35a8970c3a51bd602f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 Nov 2023 10:05:19 +0000 Subject: [PATCH 118/175] Bump pytest-xdist from 3.4.0 to 3.5.0 in /test Bumps [pytest-xdist](https://github.com/pytest-dev/pytest-xdist) from 3.4.0 to 3.5.0. - [Release notes](https://github.com/pytest-dev/pytest-xdist/releases) - [Changelog](https://github.com/pytest-dev/pytest-xdist/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-xdist/compare/v3.4.0...v3.5.0) --- updated-dependencies: - dependency-name: pytest-xdist dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- test/Pipfile | 2 +- test/Pipfile.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/test/Pipfile b/test/Pipfile index d6e7db8..98cbcbc 100644 --- a/test/Pipfile +++ b/test/Pipfile @@ -7,7 +7,7 @@ verify_ssl = true [packages] pytest = "==7.4.3" -pytest-xdist = "==3.4.0" +pytest-xdist = "==3.5.0" pytest-testinfra = "==10.0.0" black = "==23.11.0" diff --git a/test/Pipfile.lock b/test/Pipfile.lock index ebbbe4c..5db837a 100644 --- a/test/Pipfile.lock +++ b/test/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "01d44ce8ca8a848c811304bca6e4810820a8f31ae7a6c6152ccc1469b9f1caf6" + "sha256": "395cf8394dbfe43a05ad695e37f3fcede7c2bf6366111fdfcae418e4ea40ce7f" }, "pipfile-spec": 6, "requires": { @@ -125,12 +125,12 @@ }, "pytest-xdist": { "hashes": [ - "sha256:3a94a931dd9e268e0b871a877d09fe2efb6175c2c23d60d56a6001359002b832", - "sha256:e513118bf787677a427e025606f55e95937565e06dfaac8d87f55301e57ae607" + "sha256:cbb36f3d67e0c478baa57fa4edc8843887e0f6cfc42d677530a36d7472b32d8a", + "sha256:d075629c7e00b611df89f490a5063944bee7a4362a5ff11c7cc7824a03dfce24" ], "index": "pypi", "markers": "python_version >= '3.7'", - "version": "==3.4.0" + "version": "==3.5.0" } }, "develop": {} From 8fc242c8b69ae0b26a82682972598f38ad6a1a54 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Dec 2023 10:36:29 +0000 Subject: [PATCH 119/175] Bump actions/stale from 8.0.0 to 9.0.0 Bumps [actions/stale](https://github.com/actions/stale) from 8.0.0 to 9.0.0. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/v8.0.0...v9.0.0) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/stale.yml | 2 +- .github/workflows/stale_pr.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 6c50db4..337aff9 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -13,7 +13,7 @@ jobs: issues: write steps: - - uses: actions/stale@v8.0.0 + - uses: actions/stale@v9.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} days-before-stale: 30 diff --git a/.github/workflows/stale_pr.yml b/.github/workflows/stale_pr.yml index c544359..9f0b774 100644 --- a/.github/workflows/stale_pr.yml +++ b/.github/workflows/stale_pr.yml @@ -17,7 +17,7 @@ jobs: pull-requests: write steps: - - uses: actions/stale@v8.0.0 + - uses: actions/stale@v9.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Do not automatically mark PR/issue as stale From 0290369f34fe2c709fbe8778bcac008ec1774618 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 16 Dec 2023 10:18:26 +0000 Subject: [PATCH 120/175] Bump black from 23.11.0 to 23.12.0 in /test Bumps [black](https://github.com/psf/black) from 23.11.0 to 23.12.0. - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](https://github.com/psf/black/compare/23.11.0...23.12.0) --- updated-dependencies: - dependency-name: black dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- test/Pipfile | 2 +- test/Pipfile.lock | 424 +++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 397 insertions(+), 29 deletions(-) diff --git a/test/Pipfile b/test/Pipfile index 98cbcbc..846612c 100644 --- a/test/Pipfile +++ b/test/Pipfile @@ -9,7 +9,7 @@ verify_ssl = true pytest = "==7.4.3" pytest-xdist = "==3.5.0" pytest-testinfra = "==10.0.0" -black = "==23.11.0" +black = "==23.12.0" [requires] python_version = "3" diff --git a/test/Pipfile.lock b/test/Pipfile.lock index 5db837a..b157785 100644 --- a/test/Pipfile.lock +++ b/test/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "395cf8394dbfe43a05ad695e37f3fcede7c2bf6366111fdfcae418e4ea40ce7f" + "sha256": "ee713db2be03b10e96b6eb2c898bdd9240d4c02baed37e6850a4338a6c1dad62" }, "pipfile-spec": 6, "requires": { @@ -16,30 +16,131 @@ ] }, "default": { + "aiohttp": { + "hashes": [ + "sha256:02ab6006ec3c3463b528374c4cdce86434e7b89ad355e7bf29e2f16b46c7dd6f", + "sha256:04fa38875e53eb7e354ece1607b1d2fdee2d175ea4e4d745f6ec9f751fe20c7c", + "sha256:0b0a6a36ed7e164c6df1e18ee47afbd1990ce47cb428739d6c99aaabfaf1b3af", + "sha256:0d406b01a9f5a7e232d1b0d161b40c05275ffbcbd772dc18c1d5a570961a1ca4", + "sha256:0e49b08eafa4f5707ecfb321ab9592717a319e37938e301d462f79b4e860c32a", + "sha256:0e7ba7ff228c0d9a2cd66194e90f2bca6e0abca810b786901a569c0de082f489", + "sha256:11cb254e397a82efb1805d12561e80124928e04e9c4483587ce7390b3866d213", + "sha256:11ff168d752cb41e8492817e10fb4f85828f6a0142b9726a30c27c35a1835f01", + "sha256:176df045597e674fa950bf5ae536be85699e04cea68fa3a616cf75e413737eb5", + "sha256:219a16763dc0294842188ac8a12262b5671817042b35d45e44fd0a697d8c8361", + "sha256:22698f01ff5653fe66d16ffb7658f582a0ac084d7da1323e39fd9eab326a1f26", + "sha256:237533179d9747080bcaad4d02083ce295c0d2eab3e9e8ce103411a4312991a0", + "sha256:289ba9ae8e88d0ba16062ecf02dd730b34186ea3b1e7489046fc338bdc3361c4", + "sha256:2c59e0076ea31c08553e868cec02d22191c086f00b44610f8ab7363a11a5d9d8", + "sha256:2c9376e2b09895c8ca8b95362283365eb5c03bdc8428ade80a864160605715f1", + "sha256:3135713c5562731ee18f58d3ad1bf41e1d8883eb68b363f2ffde5b2ea4b84cc7", + "sha256:3b9c7426923bb7bd66d409da46c41e3fb40f5caf679da624439b9eba92043fa6", + "sha256:3c0266cd6f005e99f3f51e583012de2778e65af6b73860038b968a0a8888487a", + "sha256:41473de252e1797c2d2293804e389a6d6986ef37cbb4a25208de537ae32141dd", + "sha256:4831df72b053b1eed31eb00a2e1aff6896fb4485301d4ccb208cac264b648db4", + "sha256:49f0c1b3c2842556e5de35f122fc0f0b721334ceb6e78c3719693364d4af8499", + "sha256:4b4c452d0190c5a820d3f5c0f3cd8a28ace48c54053e24da9d6041bf81113183", + "sha256:4ee8caa925aebc1e64e98432d78ea8de67b2272252b0a931d2ac3bd876ad5544", + "sha256:500f1c59906cd142d452074f3811614be04819a38ae2b3239a48b82649c08821", + "sha256:5216b6082c624b55cfe79af5d538e499cd5f5b976820eac31951fb4325974501", + "sha256:54311eb54f3a0c45efb9ed0d0a8f43d1bc6060d773f6973efd90037a51cd0a3f", + "sha256:54631fb69a6e44b2ba522f7c22a6fb2667a02fd97d636048478db2fd8c4e98fe", + "sha256:565760d6812b8d78d416c3c7cfdf5362fbe0d0d25b82fed75d0d29e18d7fc30f", + "sha256:598db66eaf2e04aa0c8900a63b0101fdc5e6b8a7ddd805c56d86efb54eb66672", + "sha256:5c4fa235d534b3547184831c624c0b7c1e262cd1de847d95085ec94c16fddcd5", + "sha256:69985d50a2b6f709412d944ffb2e97d0be154ea90600b7a921f95a87d6f108a2", + "sha256:69da0f3ed3496808e8cbc5123a866c41c12c15baaaead96d256477edf168eb57", + "sha256:6c93b7c2e52061f0925c3382d5cb8980e40f91c989563d3d32ca280069fd6a87", + "sha256:70907533db712f7aa791effb38efa96f044ce3d4e850e2d7691abd759f4f0ae0", + "sha256:81b77f868814346662c96ab36b875d7814ebf82340d3284a31681085c051320f", + "sha256:82eefaf1a996060602f3cc1112d93ba8b201dbf5d8fd9611227de2003dddb3b7", + "sha256:85c3e3c9cb1d480e0b9a64c658cd66b3cfb8e721636ab8b0e746e2d79a7a9eed", + "sha256:8a22a34bc594d9d24621091d1b91511001a7eea91d6652ea495ce06e27381f70", + "sha256:8cef8710fb849d97c533f259103f09bac167a008d7131d7b2b0e3a33269185c0", + "sha256:8d44e7bf06b0c0a70a20f9100af9fcfd7f6d9d3913e37754c12d424179b4e48f", + "sha256:8d7f98fde213f74561be1d6d3fa353656197f75d4edfbb3d94c9eb9b0fc47f5d", + "sha256:8d8e4450e7fe24d86e86b23cc209e0023177b6d59502e33807b732d2deb6975f", + "sha256:8fc49a87ac269d4529da45871e2ffb6874e87779c3d0e2ccd813c0899221239d", + "sha256:90ec72d231169b4b8d6085be13023ece8fa9b1bb495e4398d847e25218e0f431", + "sha256:91c742ca59045dce7ba76cab6e223e41d2c70d79e82c284a96411f8645e2afff", + "sha256:9b05d33ff8e6b269e30a7957bd3244ffbce2a7a35a81b81c382629b80af1a8bf", + "sha256:9b05d5cbe9dafcdc733262c3a99ccf63d2f7ce02543620d2bd8db4d4f7a22f83", + "sha256:9c5857612c9813796960c00767645cb5da815af16dafb32d70c72a8390bbf690", + "sha256:a34086c5cc285be878622e0a6ab897a986a6e8bf5b67ecb377015f06ed316587", + "sha256:ab221850108a4a063c5b8a70f00dd7a1975e5a1713f87f4ab26a46e5feac5a0e", + "sha256:b796b44111f0cab6bbf66214186e44734b5baab949cb5fb56154142a92989aeb", + "sha256:b8c3a67eb87394386847d188996920f33b01b32155f0a94f36ca0e0c635bf3e3", + "sha256:bcb6532b9814ea7c5a6a3299747c49de30e84472fa72821b07f5a9818bce0f66", + "sha256:bcc0ea8d5b74a41b621ad4a13d96c36079c81628ccc0b30cfb1603e3dfa3a014", + "sha256:bea94403a21eb94c93386d559bce297381609153e418a3ffc7d6bf772f59cc35", + "sha256:bff7e2811814fa2271be95ab6e84c9436d027a0e59665de60edf44e529a42c1f", + "sha256:c72444d17777865734aa1a4d167794c34b63e5883abb90356a0364a28904e6c0", + "sha256:c7b5d5d64e2a14e35a9240b33b89389e0035e6de8dbb7ffa50d10d8b65c57449", + "sha256:c7e939f1ae428a86e4abbb9a7c4732bf4706048818dfd979e5e2839ce0159f23", + "sha256:c88a15f272a0ad3d7773cf3a37cc7b7d077cbfc8e331675cf1346e849d97a4e5", + "sha256:c9110c06eaaac7e1f5562caf481f18ccf8f6fdf4c3323feab28a93d34cc646bd", + "sha256:ca7ca5abfbfe8d39e653870fbe8d7710be7a857f8a8386fc9de1aae2e02ce7e4", + "sha256:cae4c0c2ca800c793cae07ef3d40794625471040a87e1ba392039639ad61ab5b", + "sha256:cdefe289681507187e375a5064c7599f52c40343a8701761c802c1853a504558", + "sha256:cf2a0ac0615842b849f40c4d7f304986a242f1e68286dbf3bd7a835e4f83acfd", + "sha256:cfeadf42840c1e870dc2042a232a8748e75a36b52d78968cda6736de55582766", + "sha256:d737e69d193dac7296365a6dcb73bbbf53bb760ab25a3727716bbd42022e8d7a", + "sha256:d7481f581251bb5558ba9f635db70908819caa221fc79ee52a7f58392778c636", + "sha256:df9cf74b9bc03d586fc53ba470828d7b77ce51b0582d1d0b5b2fb673c0baa32d", + "sha256:e1f80197f8b0b846a8d5cf7b7ec6084493950d0882cc5537fb7b96a69e3c8590", + "sha256:ecca113f19d5e74048c001934045a2b9368d77b0b17691d905af18bd1c21275e", + "sha256:ee2527134f95e106cc1653e9ac78846f3a2ec1004cf20ef4e02038035a74544d", + "sha256:f27fdaadce22f2ef950fc10dcdf8048407c3b42b73779e48a4e76b3c35bca26c", + "sha256:f694dc8a6a3112059258a725a4ebe9acac5fe62f11c77ac4dcf896edfa78ca28", + "sha256:f800164276eec54e0af5c99feb9494c295118fc10a11b997bbb1348ba1a52065", + "sha256:ffcd828e37dc219a72c9012ec44ad2e7e3066bec6ff3aaa19e7d435dbf4032ca" + ], + "version": "==3.9.1" + }, + "aiosignal": { + "hashes": [ + "sha256:54cd96e15e1649b75d6c87526a6ff0b6c1b0dd3459f43d9ca11d48c339b68cfc", + "sha256:f8376fb07dd1e86a584e4fcdec80b36b7f81aac666ebc724e2c090300dd83b17" + ], + "markers": "python_version >= '3.7'", + "version": "==1.3.1" + }, + "attrs": { + "hashes": [ + "sha256:1f28b4522cdc2fb4256ac1a020c78acf9cba2c6b461ccd2c126f3aa8e8335d04", + "sha256:6279836d581513a26f1bf235f9acd333bc9115683f14f7e8fae46c98fc50e015" + ], + "markers": "python_version >= '3.7'", + "version": "==23.1.0" + }, "black": { "hashes": [ - "sha256:250d7e60f323fcfc8ea6c800d5eba12f7967400eb6c2d21ae85ad31c204fb1f4", - "sha256:2a9acad1451632021ee0d146c8765782a0c3846e0e0ea46659d7c4f89d9b212b", - "sha256:412f56bab20ac85927f3a959230331de5614aecda1ede14b373083f62ec24e6f", - "sha256:421f3e44aa67138ab1b9bfbc22ee3780b22fa5b291e4db8ab7eee95200726b07", - "sha256:45aa1d4675964946e53ab81aeec7a37613c1cb71647b5394779e6efb79d6d187", - "sha256:4c44b7211a3a0570cc097e81135faa5f261264f4dfaa22bd5ee2875a4e773bd6", - "sha256:4c68855825ff432d197229846f971bc4d6666ce90492e5b02013bcaca4d9ab05", - "sha256:5133f5507007ba08d8b7b263c7aa0f931af5ba88a29beacc4b2dc23fcefe9c06", - "sha256:54caaa703227c6e0c87b76326d0862184729a69b73d3b7305b6288e1d830067e", - "sha256:58e5f4d08a205b11800332920e285bd25e1a75c54953e05502052738fe16b3b5", - "sha256:698c1e0d5c43354ec5d6f4d914d0d553a9ada56c85415700b81dc90125aac244", - "sha256:6c1cac07e64433f646a9a838cdc00c9768b3c362805afc3fce341af0e6a9ae9f", - "sha256:760415ccc20f9e8747084169110ef75d545f3b0932ee21368f63ac0fee86b221", - "sha256:7f622b6822f02bfaf2a5cd31fdb7cd86fcf33dab6ced5185c35f5db98260b055", - "sha256:cf57719e581cfd48c4efe28543fea3d139c6b6f1238b3f0102a9c73992cbb479", - "sha256:d136ef5b418c81660ad847efe0e55c58c8208b77a57a28a503a5f345ccf01394", - "sha256:dbea0bb8575c6b6303cc65017b46351dc5953eea5c0a59d7b7e3a2d2f433a911", - "sha256:fc7f6a44d52747e65a02558e1d807c82df1d66ffa80a601862040a43ec2e3142" + "sha256:12d5f10cce8dc27202e9a252acd1c9a426c83f95496c959406c96b785a92bb7d", + "sha256:193946e634e80bfb3aec41830f5d7431f8dd5b20d11d89be14b84a97c6b8bc75", + "sha256:330a327b422aca0634ecd115985c1c7fd7bdb5b5a2ef8aa9888a82e2ebe9437a", + "sha256:39dda060b9b395a6b7bf9c5db28ac87b3c3f48d4fdff470fa8a94ab8271da47e", + "sha256:593596f699ca2dcbbbdfa59fcda7d8ad6604370c10228223cd6cf6ce1ce7ed7e", + "sha256:67f19562d367468ab59bd6c36a72b2c84bc2f16b59788690e02bbcb140a77175", + "sha256:6a82a711d13e61840fb11a6dfecc7287f2424f1ca34765e70c909a35ffa7fb95", + "sha256:7231670266ca5191a76cb838185d9be59cfa4f5dd401b7c1c70b993c58f6b1b5", + "sha256:72db37a2266b16d256b3ea88b9affcdd5c41a74db551ec3dd4609a59c17d25bf", + "sha256:81a832b6e00eef2c13b3239d514ea3b7d5cc3eaa03d0474eedcbbda59441ba5d", + "sha256:97af22278043a6a1272daca10a6f4d36c04dfa77e61cbaaf4482e08f3640e9f0", + "sha256:996650a89fe5892714ea4ea87bc45e41a59a1e01675c42c433a35b490e5aa3f0", + "sha256:a7c07db8200b5315dc07e331dda4d889a56f6bf4db6a9c2a526fa3166a81614f", + "sha256:ace64c1a349c162d6da3cef91e3b0e78c4fc596ffde9413efa0525456148873d", + "sha256:ba09cae1657c4f8a8c9ff6cfd4a6baaf915bb4ef7d03acffe6a2f6585fa1bd01", + "sha256:bbd75d9f28a7283b7426160ca21c5bd640ca7cd8ef6630b4754b6df9e2da8462", + "sha256:bcf91b01ddd91a2fed9a8006d7baa94ccefe7e518556470cf40213bd3d44bbbc", + "sha256:bdbff34c487239a63d86db0c9385b27cdd68b1bfa4e706aa74bb94a435403672", + "sha256:c71048345bdbced456cddf1622832276d98a710196b842407840ae8055ade6ee", + "sha256:e73c5e3d37e5a3513d16b33305713237a234396ae56769b839d7c40759b8a41c", + "sha256:ead25c273adfad1095a8ad32afdb8304933efba56e3c1d31b0fee4143a1e424a", + "sha256:fdf6f23c83078a6c8da2442f4d4eeb19c28ac2a6416da7671b72f0295c4a697b" ], "index": "pypi", "markers": "python_version >= '3.8'", - "version": "==23.11.0" + "version": "==23.12.0" }, "click": { "hashes": [ @@ -57,6 +158,97 @@ "markers": "python_version >= '3.7'", "version": "==2.0.2" }, + "frozenlist": { + "hashes": [ + "sha256:04ced3e6a46b4cfffe20f9ae482818e34eba9b5fb0ce4056e4cc9b6e212d09b7", + "sha256:0633c8d5337cb5c77acbccc6357ac49a1770b8c487e5b3505c57b949b4b82e98", + "sha256:068b63f23b17df8569b7fdca5517edef76171cf3897eb68beb01341131fbd2ad", + "sha256:0c250a29735d4f15321007fb02865f0e6b6a41a6b88f1f523ca1596ab5f50bd5", + "sha256:1979bc0aeb89b33b588c51c54ab0161791149f2461ea7c7c946d95d5f93b56ae", + "sha256:1a4471094e146b6790f61b98616ab8e44f72661879cc63fa1049d13ef711e71e", + "sha256:1b280e6507ea8a4fa0c0a7150b4e526a8d113989e28eaaef946cc77ffd7efc0a", + "sha256:1d0ce09d36d53bbbe566fe296965b23b961764c0bcf3ce2fa45f463745c04701", + "sha256:20b51fa3f588ff2fe658663db52a41a4f7aa6c04f6201449c6c7c476bd255c0d", + "sha256:23b2d7679b73fe0e5a4560b672a39f98dfc6f60df63823b0a9970525325b95f6", + "sha256:23b701e65c7b36e4bf15546a89279bd4d8675faabc287d06bbcfac7d3c33e1e6", + "sha256:2471c201b70d58a0f0c1f91261542a03d9a5e088ed3dc6c160d614c01649c106", + "sha256:27657df69e8801be6c3638054e202a135c7f299267f1a55ed3a598934f6c0d75", + "sha256:29acab3f66f0f24674b7dc4736477bcd4bc3ad4b896f5f45379a67bce8b96868", + "sha256:32453c1de775c889eb4e22f1197fe3bdfe457d16476ea407472b9442e6295f7a", + "sha256:3a670dc61eb0d0eb7080890c13de3066790f9049b47b0de04007090807c776b0", + "sha256:3e0153a805a98f5ada7e09826255ba99fb4f7524bb81bf6b47fb702666484ae1", + "sha256:410478a0c562d1a5bcc2f7ea448359fcb050ed48b3c6f6f4f18c313a9bdb1826", + "sha256:442acde1e068288a4ba7acfe05f5f343e19fac87bfc96d89eb886b0363e977ec", + "sha256:48f6a4533887e189dae092f1cf981f2e3885175f7a0f33c91fb5b7b682b6bab6", + "sha256:4f57dab5fe3407b6c0c1cc907ac98e8a189f9e418f3b6e54d65a718aaafe3950", + "sha256:4f9c515e7914626b2a2e1e311794b4c35720a0be87af52b79ff8e1429fc25f19", + "sha256:55fdc093b5a3cb41d420884cdaf37a1e74c3c37a31f46e66286d9145d2063bd0", + "sha256:5667ed53d68d91920defdf4035d1cdaa3c3121dc0b113255124bcfada1cfa1b8", + "sha256:590344787a90ae57d62511dd7c736ed56b428f04cd8c161fcc5e7232c130c69a", + "sha256:5a7d70357e7cee13f470c7883a063aae5fe209a493c57d86eb7f5a6f910fae09", + "sha256:5c3894db91f5a489fc8fa6a9991820f368f0b3cbdb9cd8849547ccfab3392d86", + "sha256:5c849d495bf5154cd8da18a9eb15db127d4dba2968d88831aff6f0331ea9bd4c", + "sha256:64536573d0a2cb6e625cf309984e2d873979709f2cf22839bf2d61790b448ad5", + "sha256:693945278a31f2086d9bf3df0fe8254bbeaef1fe71e1351c3bd730aa7d31c41b", + "sha256:6db4667b187a6742b33afbbaf05a7bc551ffcf1ced0000a571aedbb4aa42fc7b", + "sha256:6eb73fa5426ea69ee0e012fb59cdc76a15b1283d6e32e4f8dc4482ec67d1194d", + "sha256:722e1124aec435320ae01ee3ac7bec11a5d47f25d0ed6328f2273d287bc3abb0", + "sha256:7268252af60904bf52c26173cbadc3a071cece75f873705419c8681f24d3edea", + "sha256:74fb4bee6880b529a0c6560885fce4dc95936920f9f20f53d99a213f7bf66776", + "sha256:780d3a35680ced9ce682fbcf4cb9c2bad3136eeff760ab33707b71db84664e3a", + "sha256:82e8211d69a4f4bc360ea22cd6555f8e61a1bd211d1d5d39d3d228b48c83a897", + "sha256:89aa2c2eeb20957be2d950b85974b30a01a762f3308cd02bb15e1ad632e22dc7", + "sha256:8aefbba5f69d42246543407ed2461db31006b0f76c4e32dfd6f42215a2c41d09", + "sha256:96ec70beabbd3b10e8bfe52616a13561e58fe84c0101dd031dc78f250d5128b9", + "sha256:9750cc7fe1ae3b1611bb8cfc3f9ec11d532244235d75901fb6b8e42ce9229dfe", + "sha256:9acbb16f06fe7f52f441bb6f413ebae6c37baa6ef9edd49cdd567216da8600cd", + "sha256:9d3e0c25a2350080e9319724dede4f31f43a6c9779be48021a7f4ebde8b2d742", + "sha256:a06339f38e9ed3a64e4c4e43aec7f59084033647f908e4259d279a52d3757d09", + "sha256:a0cb6f11204443f27a1628b0e460f37fb30f624be6051d490fa7d7e26d4af3d0", + "sha256:a7496bfe1da7fb1a4e1cc23bb67c58fab69311cc7d32b5a99c2007b4b2a0e932", + "sha256:a828c57f00f729620a442881cc60e57cfcec6842ba38e1b19fd3e47ac0ff8dc1", + "sha256:a9b2de4cf0cdd5bd2dee4c4f63a653c61d2408055ab77b151c1957f221cabf2a", + "sha256:b46c8ae3a8f1f41a0d2ef350c0b6e65822d80772fe46b653ab6b6274f61d4a49", + "sha256:b7e3ed87d4138356775346e6845cccbe66cd9e207f3cd11d2f0b9fd13681359d", + "sha256:b7f2f9f912dca3934c1baec2e4585a674ef16fe00218d833856408c48d5beee7", + "sha256:ba60bb19387e13597fb059f32cd4d59445d7b18b69a745b8f8e5db0346f33480", + "sha256:beee944ae828747fd7cb216a70f120767fc9f4f00bacae8543c14a6831673f89", + "sha256:bfa4a17e17ce9abf47a74ae02f32d014c5e9404b6d9ac7f729e01562bbee601e", + "sha256:c037a86e8513059a2613aaba4d817bb90b9d9b6b69aace3ce9c877e8c8ed402b", + "sha256:c302220494f5c1ebeb0912ea782bcd5e2f8308037b3c7553fad0e48ebad6ad82", + "sha256:c6321c9efe29975232da3bd0af0ad216800a47e93d763ce64f291917a381b8eb", + "sha256:c757a9dd70d72b076d6f68efdbb9bc943665ae954dad2801b874c8c69e185068", + "sha256:c99169d4ff810155ca50b4da3b075cbde79752443117d89429595c2e8e37fed8", + "sha256:c9c92be9fd329ac801cc420e08452b70e7aeab94ea4233a4804f0915c14eba9b", + "sha256:cc7b01b3754ea68a62bd77ce6020afaffb44a590c2289089289363472d13aedb", + "sha256:db9e724bebd621d9beca794f2a4ff1d26eed5965b004a97f1f1685a173b869c2", + "sha256:dca69045298ce5c11fd539682cff879cc1e664c245d1c64da929813e54241d11", + "sha256:dd9b1baec094d91bf36ec729445f7769d0d0cf6b64d04d86e45baf89e2b9059b", + "sha256:e02a0e11cf6597299b9f3bbd3f93d79217cb90cfd1411aec33848b13f5c656cc", + "sha256:e6a20a581f9ce92d389a8c7d7c3dd47c81fd5d6e655c8dddf341e14aa48659d0", + "sha256:e7004be74cbb7d9f34553a5ce5fb08be14fb33bc86f332fb71cbe5216362a497", + "sha256:e774d53b1a477a67838a904131c4b0eef6b3d8a651f8b138b04f748fccfefe17", + "sha256:edb678da49d9f72c9f6c609fbe41a5dfb9a9282f9e6a2253d5a91e0fc382d7c0", + "sha256:f146e0911cb2f1da549fc58fc7bcd2b836a44b79ef871980d605ec392ff6b0d2", + "sha256:f56e2333dda1fe0f909e7cc59f021eba0d2307bc6f012a1ccf2beca6ba362439", + "sha256:f9a3ea26252bd92f570600098783d1371354d89d5f6b7dfd87359d669f2109b5", + "sha256:f9aa1878d1083b276b0196f2dfbe00c9b7e752475ed3b682025ff20c1c1f51ac", + "sha256:fb3c2db03683b5767dedb5769b8a40ebb47d6f7f45b1b3e3b4b51ec8ad9d9825", + "sha256:fbeb989b5cc29e8daf7f976b421c220f1b8c731cbf22b9130d8815418ea45887", + "sha256:fde5bd59ab5357e3853313127f4d3565fc7dad314a74d7b5d43c22c6a5ed2ced", + "sha256:fe1a06da377e3a1062ae5fe0926e12b84eceb8a50b350ddca72dc85015873f74" + ], + "markers": "python_version >= '3.8'", + "version": "==1.4.1" + }, + "idna": { + "hashes": [ + "sha256:9ecdbbd083b06798ae1e86adcbfe8ab1479cf864e4ee30fe4e46a003d12491ca", + "sha256:c05567e9c24a6b9faaa835c4821bad0590fbb9d5779e7caa6e1cc4978e7eb24f" + ], + "markers": "python_version >= '3.5'", + "version": "==3.6" + }, "iniconfig": { "hashes": [ "sha256:2d91e135bf72d31a410b17c16da610a82cb55f6b0477d1a902134b24a455b8b3", @@ -65,6 +257,86 @@ "markers": "python_version >= '3.7'", "version": "==2.0.0" }, + "multidict": { + "hashes": [ + "sha256:01a3a55bd90018c9c080fbb0b9f4891db37d148a0a18722b42f94694f8b6d4c9", + "sha256:0b1a97283e0c85772d613878028fec909f003993e1007eafa715b24b377cb9b8", + "sha256:0dfad7a5a1e39c53ed00d2dd0c2e36aed4650936dc18fd9a1826a5ae1cad6f03", + "sha256:11bdf3f5e1518b24530b8241529d2050014c884cf18b6fc69c0c2b30ca248710", + "sha256:1502e24330eb681bdaa3eb70d6358e818e8e8f908a22a1851dfd4e15bc2f8161", + "sha256:16ab77bbeb596e14212e7bab8429f24c1579234a3a462105cda4a66904998664", + "sha256:16d232d4e5396c2efbbf4f6d4df89bfa905eb0d4dc5b3549d872ab898451f569", + "sha256:21a12c4eb6ddc9952c415f24eef97e3e55ba3af61f67c7bc388dcdec1404a067", + "sha256:27c523fbfbdfd19c6867af7346332b62b586eed663887392cff78d614f9ec313", + "sha256:281af09f488903fde97923c7744bb001a9b23b039a909460d0f14edc7bf59706", + "sha256:33029f5734336aa0d4c0384525da0387ef89148dc7191aae00ca5fb23d7aafc2", + "sha256:3601a3cece3819534b11d4efc1eb76047488fddd0c85a3948099d5da4d504636", + "sha256:3666906492efb76453c0e7b97f2cf459b0682e7402c0489a95484965dbc1da49", + "sha256:36c63aaa167f6c6b04ef2c85704e93af16c11d20de1d133e39de6a0e84582a93", + "sha256:39ff62e7d0f26c248b15e364517a72932a611a9b75f35b45be078d81bdb86603", + "sha256:43644e38f42e3af682690876cff722d301ac585c5b9e1eacc013b7a3f7b696a0", + "sha256:4372381634485bec7e46718edc71528024fcdc6f835baefe517b34a33c731d60", + "sha256:458f37be2d9e4c95e2d8866a851663cbc76e865b78395090786f6cd9b3bbf4f4", + "sha256:45e1ecb0379bfaab5eef059f50115b54571acfbe422a14f668fc8c27ba410e7e", + "sha256:4b9d9e4e2b37daddb5c23ea33a3417901fa7c7b3dee2d855f63ee67a0b21e5b1", + "sha256:4ceef517eca3e03c1cceb22030a3e39cb399ac86bff4e426d4fc6ae49052cc60", + "sha256:4d1a3d7ef5e96b1c9e92f973e43aa5e5b96c659c9bc3124acbbd81b0b9c8a951", + "sha256:4dcbb0906e38440fa3e325df2359ac6cb043df8e58c965bb45f4e406ecb162cc", + "sha256:509eac6cf09c794aa27bcacfd4d62c885cce62bef7b2c3e8b2e49d365b5003fe", + "sha256:52509b5be062d9eafc8170e53026fbc54cf3b32759a23d07fd935fb04fc22d95", + "sha256:52f2dffc8acaba9a2f27174c41c9e57f60b907bb9f096b36b1a1f3be71c6284d", + "sha256:574b7eae1ab267e5f8285f0fe881f17efe4b98c39a40858247720935b893bba8", + "sha256:5979b5632c3e3534e42ca6ff856bb24b2e3071b37861c2c727ce220d80eee9ed", + "sha256:59d43b61c59d82f2effb39a93c48b845efe23a3852d201ed2d24ba830d0b4cf2", + "sha256:5a4dcf02b908c3b8b17a45fb0f15b695bf117a67b76b7ad18b73cf8e92608775", + "sha256:5cad9430ab3e2e4fa4a2ef4450f548768400a2ac635841bc2a56a2052cdbeb87", + "sha256:5fc1b16f586f049820c5c5b17bb4ee7583092fa0d1c4e28b5239181ff9532e0c", + "sha256:62501642008a8b9871ddfccbf83e4222cf8ac0d5aeedf73da36153ef2ec222d2", + "sha256:64bdf1086b6043bf519869678f5f2757f473dee970d7abf6da91ec00acb9cb98", + "sha256:64da238a09d6039e3bd39bb3aee9c21a5e34f28bfa5aa22518581f910ff94af3", + "sha256:666daae833559deb2d609afa4490b85830ab0dfca811a98b70a205621a6109fe", + "sha256:67040058f37a2a51ed8ea8f6b0e6ee5bd78ca67f169ce6122f3e2ec80dfe9b78", + "sha256:6748717bb10339c4760c1e63da040f5f29f5ed6e59d76daee30305894069a660", + "sha256:6b181d8c23da913d4ff585afd1155a0e1194c0b50c54fcfe286f70cdaf2b7176", + "sha256:6ed5f161328b7df384d71b07317f4d8656434e34591f20552c7bcef27b0ab88e", + "sha256:7582a1d1030e15422262de9f58711774e02fa80df0d1578995c76214f6954988", + "sha256:7d18748f2d30f94f498e852c67d61261c643b349b9d2a581131725595c45ec6c", + "sha256:7d6ae9d593ef8641544d6263c7fa6408cc90370c8cb2bbb65f8d43e5b0351d9c", + "sha256:81a4f0b34bd92df3da93315c6a59034df95866014ac08535fc819f043bfd51f0", + "sha256:8316a77808c501004802f9beebde51c9f857054a0c871bd6da8280e718444449", + "sha256:853888594621e6604c978ce2a0444a1e6e70c8d253ab65ba11657659dcc9100f", + "sha256:99b76c052e9f1bc0721f7541e5e8c05db3941eb9ebe7b8553c625ef88d6eefde", + "sha256:a2e4369eb3d47d2034032a26c7a80fcb21a2cb22e1173d761a162f11e562caa5", + "sha256:ab55edc2e84460694295f401215f4a58597f8f7c9466faec545093045476327d", + "sha256:af048912e045a2dc732847d33821a9d84ba553f5c5f028adbd364dd4765092ac", + "sha256:b1a2eeedcead3a41694130495593a559a668f382eee0727352b9a41e1c45759a", + "sha256:b1e8b901e607795ec06c9e42530788c45ac21ef3aaa11dbd0c69de543bfb79a9", + "sha256:b41156839806aecb3641f3208c0dafd3ac7775b9c4c422d82ee2a45c34ba81ca", + "sha256:b692f419760c0e65d060959df05f2a531945af31fda0c8a3b3195d4efd06de11", + "sha256:bc779e9e6f7fda81b3f9aa58e3a6091d49ad528b11ed19f6621408806204ad35", + "sha256:bf6774e60d67a9efe02b3616fee22441d86fab4c6d335f9d2051d19d90a40063", + "sha256:c048099e4c9e9d615545e2001d3d8a4380bd403e1a0578734e0d31703d1b0c0b", + "sha256:c5cb09abb18c1ea940fb99360ea0396f34d46566f157122c92dfa069d3e0e982", + "sha256:cc8e1d0c705233c5dd0c5e6460fbad7827d5d36f310a0fadfd45cc3029762258", + "sha256:d5e3fc56f88cc98ef8139255cf8cd63eb2c586531e43310ff859d6bb3a6b51f1", + "sha256:d6aa0418fcc838522256761b3415822626f866758ee0bc6632c9486b179d0b52", + "sha256:d6c254ba6e45d8e72739281ebc46ea5eb5f101234f3ce171f0e9f5cc86991480", + "sha256:d6d635d5209b82a3492508cf5b365f3446afb65ae7ebd755e70e18f287b0adf7", + "sha256:dcfe792765fab89c365123c81046ad4103fcabbc4f56d1c1997e6715e8015461", + "sha256:ddd3915998d93fbcd2566ddf9cf62cdb35c9e093075f862935573d265cf8f65d", + "sha256:ddff9c4e225a63a5afab9dd15590432c22e8057e1a9a13d28ed128ecf047bbdc", + "sha256:e41b7e2b59679edfa309e8db64fdf22399eec4b0b24694e1b2104fb789207779", + "sha256:e69924bfcdda39b722ef4d9aa762b2dd38e4632b3641b1d9a57ca9cd18f2f83a", + "sha256:ea20853c6dbbb53ed34cb4d080382169b6f4554d394015f1bef35e881bf83547", + "sha256:ee2a1ece51b9b9e7752e742cfb661d2a29e7bcdba2d27e66e28a99f1890e4fa0", + "sha256:eeb6dcc05e911516ae3d1f207d4b0520d07f54484c49dfc294d6e7d63b734171", + "sha256:f70b98cd94886b49d91170ef23ec5c0e8ebb6f242d734ed7ed677b24d50c82cf", + "sha256:fc35cb4676846ef752816d5be2193a1e8367b4c1397b74a565a9d0389c433a1d", + "sha256:ff959bee35038c4624250473988b24f846cbeb2c6639de3602c073f10410ceba" + ], + "markers": "python_version >= '3.7'", + "version": "==6.0.4" + }, "mypy-extensions": { "hashes": [ "sha256:4392f6c0eb8a5668a69e23d168ffa70f0be9ccfd32b5cc2d26a34ae5b844552d", @@ -83,19 +355,19 @@ }, "pathspec": { "hashes": [ - "sha256:1d6ed233af05e679efb96b1851550ea95bbb64b7c490b0f5aa52996c11e92a20", - "sha256:e0d8d0ac2f12da61956eb2306b69f9469b42f4deb0f3cb6ed47b9cce9996ced3" + "sha256:a0d503e138a4c123b27490a4f7beda6a01c6f288df0e4a8b79c7eb0dc7b4cc08", + "sha256:a482d51503a1ab33b1c67a6c3813a26953dbdc71c31dacaef9a838c4e29f5712" ], - "markers": "python_version >= '3.7'", - "version": "==0.11.2" + "markers": "python_version >= '3.8'", + "version": "==0.12.1" }, "platformdirs": { "hashes": [ - "sha256:118c954d7e949b35437270383a3f2531e99dd93cf7ce4dc8340d3356d30f173b", - "sha256:cb633b2bcf10c51af60beb0ab06d2f1d69064b43abf4c185ca6b28865f3f9731" + "sha256:11c8f37bcca40db96d8144522d925583bdb7a31f7b0e37e3ed4318400a8e2380", + "sha256:906d548203468492d432bcb294d4bc2fff751bf84971fbb2c10918cc206ee420" ], - "markers": "python_version >= '3.7'", - "version": "==4.0.0" + "markers": "python_version >= '3.8'", + "version": "==4.1.0" }, "pluggy": { "hashes": [ @@ -131,6 +403,102 @@ "index": "pypi", "markers": "python_version >= '3.7'", "version": "==3.5.0" + }, + "yarl": { + "hashes": [ + "sha256:008d3e808d03ef28542372d01057fd09168419cdc8f848efe2804f894ae03e51", + "sha256:03caa9507d3d3c83bca08650678e25364e1843b484f19986a527630ca376ecce", + "sha256:07574b007ee20e5c375a8fe4a0789fad26db905f9813be0f9fef5a68080de559", + "sha256:09efe4615ada057ba2d30df871d2f668af661e971dfeedf0c159927d48bbeff0", + "sha256:0d2454f0aef65ea81037759be5ca9947539667eecebca092733b2eb43c965a81", + "sha256:0e9d124c191d5b881060a9e5060627694c3bdd1fe24c5eecc8d5d7d0eb6faabc", + "sha256:18580f672e44ce1238b82f7fb87d727c4a131f3a9d33a5e0e82b793362bf18b4", + "sha256:1f23e4fe1e8794f74b6027d7cf19dc25f8b63af1483d91d595d4a07eca1fb26c", + "sha256:206a55215e6d05dbc6c98ce598a59e6fbd0c493e2de4ea6cc2f4934d5a18d130", + "sha256:23d32a2594cb5d565d358a92e151315d1b2268bc10f4610d098f96b147370136", + "sha256:26a1dc6285e03f3cc9e839a2da83bcbf31dcb0d004c72d0730e755b33466c30e", + "sha256:29e0f83f37610f173eb7e7b5562dd71467993495e568e708d99e9d1944f561ec", + "sha256:2b134fd795e2322b7684155b7855cc99409d10b2e408056db2b93b51a52accc7", + "sha256:2d47552b6e52c3319fede1b60b3de120fe83bde9b7bddad11a69fb0af7db32f1", + "sha256:357495293086c5b6d34ca9616a43d329317feab7917518bc97a08f9e55648455", + "sha256:35a2b9396879ce32754bd457d31a51ff0a9d426fd9e0e3c33394bf4b9036b099", + "sha256:3777ce5536d17989c91696db1d459574e9a9bd37660ea7ee4d3344579bb6f129", + "sha256:3986b6f41ad22988e53d5778f91855dc0399b043fc8946d4f2e68af22ee9ff10", + "sha256:44d8ffbb9c06e5a7f529f38f53eda23e50d1ed33c6c869e01481d3fafa6b8142", + "sha256:49a180c2e0743d5d6e0b4d1a9e5f633c62eca3f8a86ba5dd3c471060e352ca98", + "sha256:4aa9741085f635934f3a2583e16fcf62ba835719a8b2b28fb2917bb0537c1dfa", + "sha256:4b21516d181cd77ebd06ce160ef8cc2a5e9ad35fb1c5930882baff5ac865eee7", + "sha256:4b3c1ffe10069f655ea2d731808e76e0f452fc6c749bea04781daf18e6039525", + "sha256:4c7d56b293cc071e82532f70adcbd8b61909eec973ae9d2d1f9b233f3d943f2c", + "sha256:4e9035df8d0880b2f1c7f5031f33f69e071dfe72ee9310cfc76f7b605958ceb9", + "sha256:54525ae423d7b7a8ee81ba189f131054defdb122cde31ff17477951464c1691c", + "sha256:549d19c84c55d11687ddbd47eeb348a89df9cb30e1993f1b128f4685cd0ebbf8", + "sha256:54beabb809ffcacbd9d28ac57b0db46e42a6e341a030293fb3185c409e626b8b", + "sha256:566db86717cf8080b99b58b083b773a908ae40f06681e87e589a976faf8246bf", + "sha256:5a2e2433eb9344a163aced6a5f6c9222c0786e5a9e9cac2c89f0b28433f56e23", + "sha256:5aef935237d60a51a62b86249839b51345f47564208c6ee615ed2a40878dccdd", + "sha256:604f31d97fa493083ea21bd9b92c419012531c4e17ea6da0f65cacdcf5d0bd27", + "sha256:63b20738b5aac74e239622d2fe30df4fca4942a86e31bf47a81a0e94c14df94f", + "sha256:686a0c2f85f83463272ddffd4deb5e591c98aac1897d65e92319f729c320eece", + "sha256:6a962e04b8f91f8c4e5917e518d17958e3bdee71fd1d8b88cdce74dd0ebbf434", + "sha256:6ad6d10ed9b67a382b45f29ea028f92d25bc0bc1daf6c5b801b90b5aa70fb9ec", + "sha256:6f5cb257bc2ec58f437da2b37a8cd48f666db96d47b8a3115c29f316313654ff", + "sha256:6fe79f998a4052d79e1c30eeb7d6c1c1056ad33300f682465e1b4e9b5a188b78", + "sha256:7855426dfbddac81896b6e533ebefc0af2f132d4a47340cee6d22cac7190022d", + "sha256:7d5aaac37d19b2904bb9dfe12cdb08c8443e7ba7d2852894ad448d4b8f442863", + "sha256:801e9264d19643548651b9db361ce3287176671fb0117f96b5ac0ee1c3530d53", + "sha256:81eb57278deb6098a5b62e88ad8281b2ba09f2f1147c4767522353eaa6260b31", + "sha256:824d6c50492add5da9374875ce72db7a0733b29c2394890aef23d533106e2b15", + "sha256:8397a3817d7dcdd14bb266283cd1d6fc7264a48c186b986f32e86d86d35fbac5", + "sha256:848cd2a1df56ddbffeb375535fb62c9d1645dde33ca4d51341378b3f5954429b", + "sha256:84fc30f71689d7fc9168b92788abc977dc8cefa806909565fc2951d02f6b7d57", + "sha256:8619d6915b3b0b34420cf9b2bb6d81ef59d984cb0fde7544e9ece32b4b3043c3", + "sha256:8a854227cf581330ffa2c4824d96e52ee621dd571078a252c25e3a3b3d94a1b1", + "sha256:8be9e837ea9113676e5754b43b940b50cce76d9ed7d2461df1af39a8ee674d9f", + "sha256:928cecb0ef9d5a7946eb6ff58417ad2fe9375762382f1bf5c55e61645f2c43ad", + "sha256:957b4774373cf6f709359e5c8c4a0af9f6d7875db657adb0feaf8d6cb3c3964c", + "sha256:992f18e0ea248ee03b5a6e8b3b4738850ae7dbb172cc41c966462801cbf62cf7", + "sha256:9fc5fc1eeb029757349ad26bbc5880557389a03fa6ada41703db5e068881e5f2", + "sha256:a00862fb23195b6b8322f7d781b0dc1d82cb3bcac346d1e38689370cc1cc398b", + "sha256:a3a6ed1d525bfb91b3fc9b690c5a21bb52de28c018530ad85093cc488bee2dd2", + "sha256:a6327976c7c2f4ee6816eff196e25385ccc02cb81427952414a64811037bbc8b", + "sha256:a7409f968456111140c1c95301cadf071bd30a81cbd7ab829169fb9e3d72eae9", + "sha256:a825ec844298c791fd28ed14ed1bffc56a98d15b8c58a20e0e08c1f5f2bea1be", + "sha256:a8c1df72eb746f4136fe9a2e72b0c9dc1da1cbd23b5372f94b5820ff8ae30e0e", + "sha256:a9bd00dc3bc395a662900f33f74feb3e757429e545d831eef5bb280252631984", + "sha256:aa102d6d280a5455ad6a0f9e6d769989638718e938a6a0a2ff3f4a7ff8c62cc4", + "sha256:aaaea1e536f98754a6e5c56091baa1b6ce2f2700cc4a00b0d49eca8dea471074", + "sha256:ad4d7a90a92e528aadf4965d685c17dacff3df282db1121136c382dc0b6014d2", + "sha256:b8477c1ee4bd47c57d49621a062121c3023609f7a13b8a46953eb6c9716ca392", + "sha256:ba6f52cbc7809cd8d74604cce9c14868306ae4aa0282016b641c661f981a6e91", + "sha256:bac8d525a8dbc2a1507ec731d2867025d11ceadcb4dd421423a5d42c56818541", + "sha256:bef596fdaa8f26e3d66af846bbe77057237cb6e8efff8cd7cc8dff9a62278bbf", + "sha256:c0ec0ed476f77db9fb29bca17f0a8fcc7bc97ad4c6c1d8959c507decb22e8572", + "sha256:c38c9ddb6103ceae4e4498f9c08fac9b590c5c71b0370f98714768e22ac6fa66", + "sha256:c7224cab95645c7ab53791022ae77a4509472613e839dab722a72abe5a684575", + "sha256:c74018551e31269d56fab81a728f683667e7c28c04e807ba08f8c9e3bba32f14", + "sha256:ca06675212f94e7a610e85ca36948bb8fc023e458dd6c63ef71abfd482481aa5", + "sha256:d1d2532b340b692880261c15aee4dc94dd22ca5d61b9db9a8a361953d36410b1", + "sha256:d25039a474c4c72a5ad4b52495056f843a7ff07b632c1b92ea9043a3d9950f6e", + "sha256:d5ff2c858f5f6a42c2a8e751100f237c5e869cbde669a724f2062d4c4ef93551", + "sha256:d7d7f7de27b8944f1fee2c26a88b4dabc2409d2fea7a9ed3df79b67277644e17", + "sha256:d7eeb6d22331e2fd42fce928a81c697c9ee2d51400bd1a28803965883e13cead", + "sha256:d8a1c6c0be645c745a081c192e747c5de06e944a0d21245f4cf7c05e457c36e0", + "sha256:d8b889777de69897406c9fb0b76cdf2fd0f31267861ae7501d93003d55f54fbe", + "sha256:d9e09c9d74f4566e905a0b8fa668c58109f7624db96a2171f21747abc7524234", + "sha256:db8e58b9d79200c76956cefd14d5c90af54416ff5353c5bfd7cbe58818e26ef0", + "sha256:ddb2a5c08a4eaaba605340fdee8fc08e406c56617566d9643ad8bf6852778fc7", + "sha256:e0381b4ce23ff92f8170080c97678040fc5b08da85e9e292292aba67fdac6c34", + "sha256:e23a6d84d9d1738dbc6e38167776107e63307dfc8ad108e580548d1f2c587f42", + "sha256:e516dc8baf7b380e6c1c26792610230f37147bb754d6426462ab115a02944385", + "sha256:ea65804b5dc88dacd4a40279af0cdadcfe74b3e5b4c897aa0d81cf86927fee78", + "sha256:ec61d826d80fc293ed46c9dd26995921e3a82146feacd952ef0757236fc137be", + "sha256:ee04010f26d5102399bd17f8df8bc38dc7ccd7701dc77f4a68c5b8d733406958", + "sha256:f3bc6af6e2b8f92eced34ef6a96ffb248e863af20ef4fde9448cc8c9b858b749", + "sha256:f7d6b36dd2e029b6bcb8a13cf19664c7b8e19ab3a58e0fefbb5b8461447ed5ec" + ], + "markers": "python_version >= '3.7'", + "version": "==1.9.4" } }, "develop": {} From dbf3ddfa24c55545cdce49e5c4690a18cb697802 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 8 Dec 2023 20:17:02 +0100 Subject: [PATCH 121/175] Update alpine to 3.19 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- src/Dockerfile | 4 ++-- test/Dockerfile | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index 869dadc..ada4f0a 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -1,5 +1,5 @@ -ARG CONTAINER="3.18" -FROM alpine:${CONTAINER} +ARG alpine_version="3.19" +FROM alpine:${alpine_version} # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope ARG TARGETPLATFORM diff --git a/test/Dockerfile b/test/Dockerfile index 676f972..cdeb491 100644 --- a/test/Dockerfile +++ b/test/Dockerfile @@ -1,4 +1,7 @@ -FROM docker:24.0.4-cli-alpine3.18 +ARG alpine_version="3.18" +ARG docker_version="24.0.7" + +FROM docker:${docker_version}-cli-alpine${alpine_version} COPY --chmod=0755 ./cmd.sh /usr/local/bin/cmd.sh COPY --chmod=0755 ./entrypoint.sh /usr/local/bin/entrypoint.sh From 775c3a8049545304b219c8eef45b686a86571b3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sat, 16 Dec 2023 23:23:08 +0100 Subject: [PATCH 122/175] Update docker-cli also to v3.19 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- test/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/Dockerfile b/test/Dockerfile index cdeb491..a978b4e 100644 --- a/test/Dockerfile +++ b/test/Dockerfile @@ -1,4 +1,4 @@ -ARG alpine_version="3.18" +ARG alpine_version="3.19" ARG docker_version="24.0.7" FROM docker:${docker_version}-cli-alpine${alpine_version} From 59cfc75ae7d939d114644a6ca5a6912db1a05ccc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sat, 16 Dec 2023 23:33:23 +0100 Subject: [PATCH 123/175] Remove pipenv and allow pip to install systemwide with --break-system-packages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- test/Dockerfile | 7 +- test/Pipfile | 15 -- test/Pipfile.lock | 505 ------------------------------------------ test/requirements.txt | 4 + 4 files changed, 7 insertions(+), 524 deletions(-) delete mode 100644 test/Pipfile delete mode 100644 test/Pipfile.lock create mode 100644 test/requirements.txt diff --git a/test/Dockerfile b/test/Dockerfile index a978b4e..8763519 100644 --- a/test/Dockerfile +++ b/test/Dockerfile @@ -5,16 +5,15 @@ FROM docker:${docker_version}-cli-alpine${alpine_version} COPY --chmod=0755 ./cmd.sh /usr/local/bin/cmd.sh COPY --chmod=0755 ./entrypoint.sh /usr/local/bin/entrypoint.sh -COPY Pipfile* /root/ +COPY requirements.txt /root/ WORKDIR /root RUN apk add --no-cache \ python3-dev \ py3-pip \ curl \ - && pip3 install --no-cache-dir -U pip pipenv \ - && pipenv install --system \ - # Not 100% sure what this line does, but it's always been in the Dockerfile (aside from pointing at a different file) + && pip3 install --break-system-packages --no-cache-dir -U pip \ + && pip3 install --break-system-packages --no-cache-dir -r requirements.txt \ # Tests fall over without it. Investigate later. && sed -i 's|/bin/sh|/bin/bash|g' /usr/lib/python3.11/site-packages/testinfra/backend/docker.py diff --git a/test/Pipfile b/test/Pipfile deleted file mode 100644 index 846612c..0000000 --- a/test/Pipfile +++ /dev/null @@ -1,15 +0,0 @@ -[[source]] -name = "pypi" -url = "https://pypi.org/simple" -verify_ssl = true - -[dev-packages] - -[packages] -pytest = "==7.4.3" -pytest-xdist = "==3.5.0" -pytest-testinfra = "==10.0.0" -black = "==23.12.0" - -[requires] -python_version = "3" diff --git a/test/Pipfile.lock b/test/Pipfile.lock deleted file mode 100644 index b157785..0000000 --- a/test/Pipfile.lock +++ /dev/null @@ -1,505 +0,0 @@ -{ - "_meta": { - "hash": { - "sha256": "ee713db2be03b10e96b6eb2c898bdd9240d4c02baed37e6850a4338a6c1dad62" - }, - "pipfile-spec": 6, - "requires": { - "python_version": "3" - }, - "sources": [ - { - "name": "pypi", - "url": "https://pypi.org/simple", - "verify_ssl": true - } - ] - }, - "default": { - "aiohttp": { - "hashes": [ - "sha256:02ab6006ec3c3463b528374c4cdce86434e7b89ad355e7bf29e2f16b46c7dd6f", - "sha256:04fa38875e53eb7e354ece1607b1d2fdee2d175ea4e4d745f6ec9f751fe20c7c", - "sha256:0b0a6a36ed7e164c6df1e18ee47afbd1990ce47cb428739d6c99aaabfaf1b3af", - "sha256:0d406b01a9f5a7e232d1b0d161b40c05275ffbcbd772dc18c1d5a570961a1ca4", - "sha256:0e49b08eafa4f5707ecfb321ab9592717a319e37938e301d462f79b4e860c32a", - "sha256:0e7ba7ff228c0d9a2cd66194e90f2bca6e0abca810b786901a569c0de082f489", - "sha256:11cb254e397a82efb1805d12561e80124928e04e9c4483587ce7390b3866d213", - "sha256:11ff168d752cb41e8492817e10fb4f85828f6a0142b9726a30c27c35a1835f01", - "sha256:176df045597e674fa950bf5ae536be85699e04cea68fa3a616cf75e413737eb5", - "sha256:219a16763dc0294842188ac8a12262b5671817042b35d45e44fd0a697d8c8361", - "sha256:22698f01ff5653fe66d16ffb7658f582a0ac084d7da1323e39fd9eab326a1f26", - "sha256:237533179d9747080bcaad4d02083ce295c0d2eab3e9e8ce103411a4312991a0", - "sha256:289ba9ae8e88d0ba16062ecf02dd730b34186ea3b1e7489046fc338bdc3361c4", - "sha256:2c59e0076ea31c08553e868cec02d22191c086f00b44610f8ab7363a11a5d9d8", - "sha256:2c9376e2b09895c8ca8b95362283365eb5c03bdc8428ade80a864160605715f1", - "sha256:3135713c5562731ee18f58d3ad1bf41e1d8883eb68b363f2ffde5b2ea4b84cc7", - "sha256:3b9c7426923bb7bd66d409da46c41e3fb40f5caf679da624439b9eba92043fa6", - "sha256:3c0266cd6f005e99f3f51e583012de2778e65af6b73860038b968a0a8888487a", - "sha256:41473de252e1797c2d2293804e389a6d6986ef37cbb4a25208de537ae32141dd", - "sha256:4831df72b053b1eed31eb00a2e1aff6896fb4485301d4ccb208cac264b648db4", - "sha256:49f0c1b3c2842556e5de35f122fc0f0b721334ceb6e78c3719693364d4af8499", - "sha256:4b4c452d0190c5a820d3f5c0f3cd8a28ace48c54053e24da9d6041bf81113183", - "sha256:4ee8caa925aebc1e64e98432d78ea8de67b2272252b0a931d2ac3bd876ad5544", - "sha256:500f1c59906cd142d452074f3811614be04819a38ae2b3239a48b82649c08821", - "sha256:5216b6082c624b55cfe79af5d538e499cd5f5b976820eac31951fb4325974501", - "sha256:54311eb54f3a0c45efb9ed0d0a8f43d1bc6060d773f6973efd90037a51cd0a3f", - "sha256:54631fb69a6e44b2ba522f7c22a6fb2667a02fd97d636048478db2fd8c4e98fe", - "sha256:565760d6812b8d78d416c3c7cfdf5362fbe0d0d25b82fed75d0d29e18d7fc30f", - "sha256:598db66eaf2e04aa0c8900a63b0101fdc5e6b8a7ddd805c56d86efb54eb66672", - "sha256:5c4fa235d534b3547184831c624c0b7c1e262cd1de847d95085ec94c16fddcd5", - "sha256:69985d50a2b6f709412d944ffb2e97d0be154ea90600b7a921f95a87d6f108a2", - "sha256:69da0f3ed3496808e8cbc5123a866c41c12c15baaaead96d256477edf168eb57", - "sha256:6c93b7c2e52061f0925c3382d5cb8980e40f91c989563d3d32ca280069fd6a87", - "sha256:70907533db712f7aa791effb38efa96f044ce3d4e850e2d7691abd759f4f0ae0", - "sha256:81b77f868814346662c96ab36b875d7814ebf82340d3284a31681085c051320f", - "sha256:82eefaf1a996060602f3cc1112d93ba8b201dbf5d8fd9611227de2003dddb3b7", - "sha256:85c3e3c9cb1d480e0b9a64c658cd66b3cfb8e721636ab8b0e746e2d79a7a9eed", - "sha256:8a22a34bc594d9d24621091d1b91511001a7eea91d6652ea495ce06e27381f70", - "sha256:8cef8710fb849d97c533f259103f09bac167a008d7131d7b2b0e3a33269185c0", - "sha256:8d44e7bf06b0c0a70a20f9100af9fcfd7f6d9d3913e37754c12d424179b4e48f", - "sha256:8d7f98fde213f74561be1d6d3fa353656197f75d4edfbb3d94c9eb9b0fc47f5d", - "sha256:8d8e4450e7fe24d86e86b23cc209e0023177b6d59502e33807b732d2deb6975f", - "sha256:8fc49a87ac269d4529da45871e2ffb6874e87779c3d0e2ccd813c0899221239d", - "sha256:90ec72d231169b4b8d6085be13023ece8fa9b1bb495e4398d847e25218e0f431", - "sha256:91c742ca59045dce7ba76cab6e223e41d2c70d79e82c284a96411f8645e2afff", - "sha256:9b05d33ff8e6b269e30a7957bd3244ffbce2a7a35a81b81c382629b80af1a8bf", - "sha256:9b05d5cbe9dafcdc733262c3a99ccf63d2f7ce02543620d2bd8db4d4f7a22f83", - "sha256:9c5857612c9813796960c00767645cb5da815af16dafb32d70c72a8390bbf690", - "sha256:a34086c5cc285be878622e0a6ab897a986a6e8bf5b67ecb377015f06ed316587", - "sha256:ab221850108a4a063c5b8a70f00dd7a1975e5a1713f87f4ab26a46e5feac5a0e", - "sha256:b796b44111f0cab6bbf66214186e44734b5baab949cb5fb56154142a92989aeb", - "sha256:b8c3a67eb87394386847d188996920f33b01b32155f0a94f36ca0e0c635bf3e3", - "sha256:bcb6532b9814ea7c5a6a3299747c49de30e84472fa72821b07f5a9818bce0f66", - "sha256:bcc0ea8d5b74a41b621ad4a13d96c36079c81628ccc0b30cfb1603e3dfa3a014", - "sha256:bea94403a21eb94c93386d559bce297381609153e418a3ffc7d6bf772f59cc35", - "sha256:bff7e2811814fa2271be95ab6e84c9436d027a0e59665de60edf44e529a42c1f", - "sha256:c72444d17777865734aa1a4d167794c34b63e5883abb90356a0364a28904e6c0", - "sha256:c7b5d5d64e2a14e35a9240b33b89389e0035e6de8dbb7ffa50d10d8b65c57449", - "sha256:c7e939f1ae428a86e4abbb9a7c4732bf4706048818dfd979e5e2839ce0159f23", - "sha256:c88a15f272a0ad3d7773cf3a37cc7b7d077cbfc8e331675cf1346e849d97a4e5", - "sha256:c9110c06eaaac7e1f5562caf481f18ccf8f6fdf4c3323feab28a93d34cc646bd", - "sha256:ca7ca5abfbfe8d39e653870fbe8d7710be7a857f8a8386fc9de1aae2e02ce7e4", - "sha256:cae4c0c2ca800c793cae07ef3d40794625471040a87e1ba392039639ad61ab5b", - "sha256:cdefe289681507187e375a5064c7599f52c40343a8701761c802c1853a504558", - "sha256:cf2a0ac0615842b849f40c4d7f304986a242f1e68286dbf3bd7a835e4f83acfd", - "sha256:cfeadf42840c1e870dc2042a232a8748e75a36b52d78968cda6736de55582766", - "sha256:d737e69d193dac7296365a6dcb73bbbf53bb760ab25a3727716bbd42022e8d7a", - "sha256:d7481f581251bb5558ba9f635db70908819caa221fc79ee52a7f58392778c636", - "sha256:df9cf74b9bc03d586fc53ba470828d7b77ce51b0582d1d0b5b2fb673c0baa32d", - "sha256:e1f80197f8b0b846a8d5cf7b7ec6084493950d0882cc5537fb7b96a69e3c8590", - "sha256:ecca113f19d5e74048c001934045a2b9368d77b0b17691d905af18bd1c21275e", - "sha256:ee2527134f95e106cc1653e9ac78846f3a2ec1004cf20ef4e02038035a74544d", - "sha256:f27fdaadce22f2ef950fc10dcdf8048407c3b42b73779e48a4e76b3c35bca26c", - "sha256:f694dc8a6a3112059258a725a4ebe9acac5fe62f11c77ac4dcf896edfa78ca28", - "sha256:f800164276eec54e0af5c99feb9494c295118fc10a11b997bbb1348ba1a52065", - "sha256:ffcd828e37dc219a72c9012ec44ad2e7e3066bec6ff3aaa19e7d435dbf4032ca" - ], - "version": "==3.9.1" - }, - "aiosignal": { - "hashes": [ - "sha256:54cd96e15e1649b75d6c87526a6ff0b6c1b0dd3459f43d9ca11d48c339b68cfc", - "sha256:f8376fb07dd1e86a584e4fcdec80b36b7f81aac666ebc724e2c090300dd83b17" - ], - "markers": "python_version >= '3.7'", - "version": "==1.3.1" - }, - "attrs": { - "hashes": [ - "sha256:1f28b4522cdc2fb4256ac1a020c78acf9cba2c6b461ccd2c126f3aa8e8335d04", - "sha256:6279836d581513a26f1bf235f9acd333bc9115683f14f7e8fae46c98fc50e015" - ], - "markers": "python_version >= '3.7'", - "version": "==23.1.0" - }, - "black": { - "hashes": [ - "sha256:12d5f10cce8dc27202e9a252acd1c9a426c83f95496c959406c96b785a92bb7d", - "sha256:193946e634e80bfb3aec41830f5d7431f8dd5b20d11d89be14b84a97c6b8bc75", - "sha256:330a327b422aca0634ecd115985c1c7fd7bdb5b5a2ef8aa9888a82e2ebe9437a", - "sha256:39dda060b9b395a6b7bf9c5db28ac87b3c3f48d4fdff470fa8a94ab8271da47e", - "sha256:593596f699ca2dcbbbdfa59fcda7d8ad6604370c10228223cd6cf6ce1ce7ed7e", - "sha256:67f19562d367468ab59bd6c36a72b2c84bc2f16b59788690e02bbcb140a77175", - "sha256:6a82a711d13e61840fb11a6dfecc7287f2424f1ca34765e70c909a35ffa7fb95", - "sha256:7231670266ca5191a76cb838185d9be59cfa4f5dd401b7c1c70b993c58f6b1b5", - "sha256:72db37a2266b16d256b3ea88b9affcdd5c41a74db551ec3dd4609a59c17d25bf", - "sha256:81a832b6e00eef2c13b3239d514ea3b7d5cc3eaa03d0474eedcbbda59441ba5d", - "sha256:97af22278043a6a1272daca10a6f4d36c04dfa77e61cbaaf4482e08f3640e9f0", - "sha256:996650a89fe5892714ea4ea87bc45e41a59a1e01675c42c433a35b490e5aa3f0", - "sha256:a7c07db8200b5315dc07e331dda4d889a56f6bf4db6a9c2a526fa3166a81614f", - "sha256:ace64c1a349c162d6da3cef91e3b0e78c4fc596ffde9413efa0525456148873d", - "sha256:ba09cae1657c4f8a8c9ff6cfd4a6baaf915bb4ef7d03acffe6a2f6585fa1bd01", - "sha256:bbd75d9f28a7283b7426160ca21c5bd640ca7cd8ef6630b4754b6df9e2da8462", - "sha256:bcf91b01ddd91a2fed9a8006d7baa94ccefe7e518556470cf40213bd3d44bbbc", - "sha256:bdbff34c487239a63d86db0c9385b27cdd68b1bfa4e706aa74bb94a435403672", - "sha256:c71048345bdbced456cddf1622832276d98a710196b842407840ae8055ade6ee", - "sha256:e73c5e3d37e5a3513d16b33305713237a234396ae56769b839d7c40759b8a41c", - "sha256:ead25c273adfad1095a8ad32afdb8304933efba56e3c1d31b0fee4143a1e424a", - "sha256:fdf6f23c83078a6c8da2442f4d4eeb19c28ac2a6416da7671b72f0295c4a697b" - ], - "index": "pypi", - "markers": "python_version >= '3.8'", - "version": "==23.12.0" - }, - "click": { - "hashes": [ - "sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28", - "sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de" - ], - "markers": "python_version >= '3.7'", - "version": "==8.1.7" - }, - "execnet": { - "hashes": [ - "sha256:88256416ae766bc9e8895c76a87928c0012183da3cc4fc18016e6f050e025f41", - "sha256:cc59bc4423742fd71ad227122eb0dd44db51efb3dc4095b45ac9a08c770096af" - ], - "markers": "python_version >= '3.7'", - "version": "==2.0.2" - }, - "frozenlist": { - "hashes": [ - "sha256:04ced3e6a46b4cfffe20f9ae482818e34eba9b5fb0ce4056e4cc9b6e212d09b7", - "sha256:0633c8d5337cb5c77acbccc6357ac49a1770b8c487e5b3505c57b949b4b82e98", - "sha256:068b63f23b17df8569b7fdca5517edef76171cf3897eb68beb01341131fbd2ad", - "sha256:0c250a29735d4f15321007fb02865f0e6b6a41a6b88f1f523ca1596ab5f50bd5", - "sha256:1979bc0aeb89b33b588c51c54ab0161791149f2461ea7c7c946d95d5f93b56ae", - "sha256:1a4471094e146b6790f61b98616ab8e44f72661879cc63fa1049d13ef711e71e", - "sha256:1b280e6507ea8a4fa0c0a7150b4e526a8d113989e28eaaef946cc77ffd7efc0a", - "sha256:1d0ce09d36d53bbbe566fe296965b23b961764c0bcf3ce2fa45f463745c04701", - "sha256:20b51fa3f588ff2fe658663db52a41a4f7aa6c04f6201449c6c7c476bd255c0d", - "sha256:23b2d7679b73fe0e5a4560b672a39f98dfc6f60df63823b0a9970525325b95f6", - "sha256:23b701e65c7b36e4bf15546a89279bd4d8675faabc287d06bbcfac7d3c33e1e6", - "sha256:2471c201b70d58a0f0c1f91261542a03d9a5e088ed3dc6c160d614c01649c106", - "sha256:27657df69e8801be6c3638054e202a135c7f299267f1a55ed3a598934f6c0d75", - "sha256:29acab3f66f0f24674b7dc4736477bcd4bc3ad4b896f5f45379a67bce8b96868", - "sha256:32453c1de775c889eb4e22f1197fe3bdfe457d16476ea407472b9442e6295f7a", - "sha256:3a670dc61eb0d0eb7080890c13de3066790f9049b47b0de04007090807c776b0", - "sha256:3e0153a805a98f5ada7e09826255ba99fb4f7524bb81bf6b47fb702666484ae1", - "sha256:410478a0c562d1a5bcc2f7ea448359fcb050ed48b3c6f6f4f18c313a9bdb1826", - "sha256:442acde1e068288a4ba7acfe05f5f343e19fac87bfc96d89eb886b0363e977ec", - "sha256:48f6a4533887e189dae092f1cf981f2e3885175f7a0f33c91fb5b7b682b6bab6", - "sha256:4f57dab5fe3407b6c0c1cc907ac98e8a189f9e418f3b6e54d65a718aaafe3950", - "sha256:4f9c515e7914626b2a2e1e311794b4c35720a0be87af52b79ff8e1429fc25f19", - "sha256:55fdc093b5a3cb41d420884cdaf37a1e74c3c37a31f46e66286d9145d2063bd0", - "sha256:5667ed53d68d91920defdf4035d1cdaa3c3121dc0b113255124bcfada1cfa1b8", - "sha256:590344787a90ae57d62511dd7c736ed56b428f04cd8c161fcc5e7232c130c69a", - "sha256:5a7d70357e7cee13f470c7883a063aae5fe209a493c57d86eb7f5a6f910fae09", - "sha256:5c3894db91f5a489fc8fa6a9991820f368f0b3cbdb9cd8849547ccfab3392d86", - "sha256:5c849d495bf5154cd8da18a9eb15db127d4dba2968d88831aff6f0331ea9bd4c", - "sha256:64536573d0a2cb6e625cf309984e2d873979709f2cf22839bf2d61790b448ad5", - "sha256:693945278a31f2086d9bf3df0fe8254bbeaef1fe71e1351c3bd730aa7d31c41b", - "sha256:6db4667b187a6742b33afbbaf05a7bc551ffcf1ced0000a571aedbb4aa42fc7b", - "sha256:6eb73fa5426ea69ee0e012fb59cdc76a15b1283d6e32e4f8dc4482ec67d1194d", - "sha256:722e1124aec435320ae01ee3ac7bec11a5d47f25d0ed6328f2273d287bc3abb0", - "sha256:7268252af60904bf52c26173cbadc3a071cece75f873705419c8681f24d3edea", - "sha256:74fb4bee6880b529a0c6560885fce4dc95936920f9f20f53d99a213f7bf66776", - "sha256:780d3a35680ced9ce682fbcf4cb9c2bad3136eeff760ab33707b71db84664e3a", - "sha256:82e8211d69a4f4bc360ea22cd6555f8e61a1bd211d1d5d39d3d228b48c83a897", - "sha256:89aa2c2eeb20957be2d950b85974b30a01a762f3308cd02bb15e1ad632e22dc7", - "sha256:8aefbba5f69d42246543407ed2461db31006b0f76c4e32dfd6f42215a2c41d09", - "sha256:96ec70beabbd3b10e8bfe52616a13561e58fe84c0101dd031dc78f250d5128b9", - "sha256:9750cc7fe1ae3b1611bb8cfc3f9ec11d532244235d75901fb6b8e42ce9229dfe", - "sha256:9acbb16f06fe7f52f441bb6f413ebae6c37baa6ef9edd49cdd567216da8600cd", - "sha256:9d3e0c25a2350080e9319724dede4f31f43a6c9779be48021a7f4ebde8b2d742", - "sha256:a06339f38e9ed3a64e4c4e43aec7f59084033647f908e4259d279a52d3757d09", - "sha256:a0cb6f11204443f27a1628b0e460f37fb30f624be6051d490fa7d7e26d4af3d0", - "sha256:a7496bfe1da7fb1a4e1cc23bb67c58fab69311cc7d32b5a99c2007b4b2a0e932", - "sha256:a828c57f00f729620a442881cc60e57cfcec6842ba38e1b19fd3e47ac0ff8dc1", - "sha256:a9b2de4cf0cdd5bd2dee4c4f63a653c61d2408055ab77b151c1957f221cabf2a", - "sha256:b46c8ae3a8f1f41a0d2ef350c0b6e65822d80772fe46b653ab6b6274f61d4a49", - "sha256:b7e3ed87d4138356775346e6845cccbe66cd9e207f3cd11d2f0b9fd13681359d", - "sha256:b7f2f9f912dca3934c1baec2e4585a674ef16fe00218d833856408c48d5beee7", - "sha256:ba60bb19387e13597fb059f32cd4d59445d7b18b69a745b8f8e5db0346f33480", - "sha256:beee944ae828747fd7cb216a70f120767fc9f4f00bacae8543c14a6831673f89", - "sha256:bfa4a17e17ce9abf47a74ae02f32d014c5e9404b6d9ac7f729e01562bbee601e", - "sha256:c037a86e8513059a2613aaba4d817bb90b9d9b6b69aace3ce9c877e8c8ed402b", - "sha256:c302220494f5c1ebeb0912ea782bcd5e2f8308037b3c7553fad0e48ebad6ad82", - "sha256:c6321c9efe29975232da3bd0af0ad216800a47e93d763ce64f291917a381b8eb", - "sha256:c757a9dd70d72b076d6f68efdbb9bc943665ae954dad2801b874c8c69e185068", - "sha256:c99169d4ff810155ca50b4da3b075cbde79752443117d89429595c2e8e37fed8", - "sha256:c9c92be9fd329ac801cc420e08452b70e7aeab94ea4233a4804f0915c14eba9b", - "sha256:cc7b01b3754ea68a62bd77ce6020afaffb44a590c2289089289363472d13aedb", - "sha256:db9e724bebd621d9beca794f2a4ff1d26eed5965b004a97f1f1685a173b869c2", - "sha256:dca69045298ce5c11fd539682cff879cc1e664c245d1c64da929813e54241d11", - "sha256:dd9b1baec094d91bf36ec729445f7769d0d0cf6b64d04d86e45baf89e2b9059b", - "sha256:e02a0e11cf6597299b9f3bbd3f93d79217cb90cfd1411aec33848b13f5c656cc", - "sha256:e6a20a581f9ce92d389a8c7d7c3dd47c81fd5d6e655c8dddf341e14aa48659d0", - "sha256:e7004be74cbb7d9f34553a5ce5fb08be14fb33bc86f332fb71cbe5216362a497", - "sha256:e774d53b1a477a67838a904131c4b0eef6b3d8a651f8b138b04f748fccfefe17", - "sha256:edb678da49d9f72c9f6c609fbe41a5dfb9a9282f9e6a2253d5a91e0fc382d7c0", - "sha256:f146e0911cb2f1da549fc58fc7bcd2b836a44b79ef871980d605ec392ff6b0d2", - "sha256:f56e2333dda1fe0f909e7cc59f021eba0d2307bc6f012a1ccf2beca6ba362439", - "sha256:f9a3ea26252bd92f570600098783d1371354d89d5f6b7dfd87359d669f2109b5", - "sha256:f9aa1878d1083b276b0196f2dfbe00c9b7e752475ed3b682025ff20c1c1f51ac", - "sha256:fb3c2db03683b5767dedb5769b8a40ebb47d6f7f45b1b3e3b4b51ec8ad9d9825", - "sha256:fbeb989b5cc29e8daf7f976b421c220f1b8c731cbf22b9130d8815418ea45887", - "sha256:fde5bd59ab5357e3853313127f4d3565fc7dad314a74d7b5d43c22c6a5ed2ced", - "sha256:fe1a06da377e3a1062ae5fe0926e12b84eceb8a50b350ddca72dc85015873f74" - ], - "markers": "python_version >= '3.8'", - "version": "==1.4.1" - }, - "idna": { - "hashes": [ - "sha256:9ecdbbd083b06798ae1e86adcbfe8ab1479cf864e4ee30fe4e46a003d12491ca", - "sha256:c05567e9c24a6b9faaa835c4821bad0590fbb9d5779e7caa6e1cc4978e7eb24f" - ], - "markers": "python_version >= '3.5'", - "version": "==3.6" - }, - "iniconfig": { - "hashes": [ - "sha256:2d91e135bf72d31a410b17c16da610a82cb55f6b0477d1a902134b24a455b8b3", - "sha256:b6a85871a79d2e3b22d2d1b94ac2824226a63c6b741c88f7ae975f18b6778374" - ], - "markers": "python_version >= '3.7'", - "version": "==2.0.0" - }, - "multidict": { - "hashes": [ - "sha256:01a3a55bd90018c9c080fbb0b9f4891db37d148a0a18722b42f94694f8b6d4c9", - "sha256:0b1a97283e0c85772d613878028fec909f003993e1007eafa715b24b377cb9b8", - "sha256:0dfad7a5a1e39c53ed00d2dd0c2e36aed4650936dc18fd9a1826a5ae1cad6f03", - "sha256:11bdf3f5e1518b24530b8241529d2050014c884cf18b6fc69c0c2b30ca248710", - "sha256:1502e24330eb681bdaa3eb70d6358e818e8e8f908a22a1851dfd4e15bc2f8161", - "sha256:16ab77bbeb596e14212e7bab8429f24c1579234a3a462105cda4a66904998664", - "sha256:16d232d4e5396c2efbbf4f6d4df89bfa905eb0d4dc5b3549d872ab898451f569", - "sha256:21a12c4eb6ddc9952c415f24eef97e3e55ba3af61f67c7bc388dcdec1404a067", - "sha256:27c523fbfbdfd19c6867af7346332b62b586eed663887392cff78d614f9ec313", - "sha256:281af09f488903fde97923c7744bb001a9b23b039a909460d0f14edc7bf59706", - "sha256:33029f5734336aa0d4c0384525da0387ef89148dc7191aae00ca5fb23d7aafc2", - "sha256:3601a3cece3819534b11d4efc1eb76047488fddd0c85a3948099d5da4d504636", - "sha256:3666906492efb76453c0e7b97f2cf459b0682e7402c0489a95484965dbc1da49", - "sha256:36c63aaa167f6c6b04ef2c85704e93af16c11d20de1d133e39de6a0e84582a93", - "sha256:39ff62e7d0f26c248b15e364517a72932a611a9b75f35b45be078d81bdb86603", - "sha256:43644e38f42e3af682690876cff722d301ac585c5b9e1eacc013b7a3f7b696a0", - "sha256:4372381634485bec7e46718edc71528024fcdc6f835baefe517b34a33c731d60", - "sha256:458f37be2d9e4c95e2d8866a851663cbc76e865b78395090786f6cd9b3bbf4f4", - "sha256:45e1ecb0379bfaab5eef059f50115b54571acfbe422a14f668fc8c27ba410e7e", - "sha256:4b9d9e4e2b37daddb5c23ea33a3417901fa7c7b3dee2d855f63ee67a0b21e5b1", - "sha256:4ceef517eca3e03c1cceb22030a3e39cb399ac86bff4e426d4fc6ae49052cc60", - "sha256:4d1a3d7ef5e96b1c9e92f973e43aa5e5b96c659c9bc3124acbbd81b0b9c8a951", - "sha256:4dcbb0906e38440fa3e325df2359ac6cb043df8e58c965bb45f4e406ecb162cc", - "sha256:509eac6cf09c794aa27bcacfd4d62c885cce62bef7b2c3e8b2e49d365b5003fe", - "sha256:52509b5be062d9eafc8170e53026fbc54cf3b32759a23d07fd935fb04fc22d95", - "sha256:52f2dffc8acaba9a2f27174c41c9e57f60b907bb9f096b36b1a1f3be71c6284d", - "sha256:574b7eae1ab267e5f8285f0fe881f17efe4b98c39a40858247720935b893bba8", - "sha256:5979b5632c3e3534e42ca6ff856bb24b2e3071b37861c2c727ce220d80eee9ed", - "sha256:59d43b61c59d82f2effb39a93c48b845efe23a3852d201ed2d24ba830d0b4cf2", - "sha256:5a4dcf02b908c3b8b17a45fb0f15b695bf117a67b76b7ad18b73cf8e92608775", - "sha256:5cad9430ab3e2e4fa4a2ef4450f548768400a2ac635841bc2a56a2052cdbeb87", - "sha256:5fc1b16f586f049820c5c5b17bb4ee7583092fa0d1c4e28b5239181ff9532e0c", - "sha256:62501642008a8b9871ddfccbf83e4222cf8ac0d5aeedf73da36153ef2ec222d2", - "sha256:64bdf1086b6043bf519869678f5f2757f473dee970d7abf6da91ec00acb9cb98", - "sha256:64da238a09d6039e3bd39bb3aee9c21a5e34f28bfa5aa22518581f910ff94af3", - "sha256:666daae833559deb2d609afa4490b85830ab0dfca811a98b70a205621a6109fe", - "sha256:67040058f37a2a51ed8ea8f6b0e6ee5bd78ca67f169ce6122f3e2ec80dfe9b78", - "sha256:6748717bb10339c4760c1e63da040f5f29f5ed6e59d76daee30305894069a660", - "sha256:6b181d8c23da913d4ff585afd1155a0e1194c0b50c54fcfe286f70cdaf2b7176", - "sha256:6ed5f161328b7df384d71b07317f4d8656434e34591f20552c7bcef27b0ab88e", - "sha256:7582a1d1030e15422262de9f58711774e02fa80df0d1578995c76214f6954988", - "sha256:7d18748f2d30f94f498e852c67d61261c643b349b9d2a581131725595c45ec6c", - "sha256:7d6ae9d593ef8641544d6263c7fa6408cc90370c8cb2bbb65f8d43e5b0351d9c", - "sha256:81a4f0b34bd92df3da93315c6a59034df95866014ac08535fc819f043bfd51f0", - "sha256:8316a77808c501004802f9beebde51c9f857054a0c871bd6da8280e718444449", - "sha256:853888594621e6604c978ce2a0444a1e6e70c8d253ab65ba11657659dcc9100f", - "sha256:99b76c052e9f1bc0721f7541e5e8c05db3941eb9ebe7b8553c625ef88d6eefde", - "sha256:a2e4369eb3d47d2034032a26c7a80fcb21a2cb22e1173d761a162f11e562caa5", - "sha256:ab55edc2e84460694295f401215f4a58597f8f7c9466faec545093045476327d", - "sha256:af048912e045a2dc732847d33821a9d84ba553f5c5f028adbd364dd4765092ac", - "sha256:b1a2eeedcead3a41694130495593a559a668f382eee0727352b9a41e1c45759a", - "sha256:b1e8b901e607795ec06c9e42530788c45ac21ef3aaa11dbd0c69de543bfb79a9", - "sha256:b41156839806aecb3641f3208c0dafd3ac7775b9c4c422d82ee2a45c34ba81ca", - "sha256:b692f419760c0e65d060959df05f2a531945af31fda0c8a3b3195d4efd06de11", - "sha256:bc779e9e6f7fda81b3f9aa58e3a6091d49ad528b11ed19f6621408806204ad35", - "sha256:bf6774e60d67a9efe02b3616fee22441d86fab4c6d335f9d2051d19d90a40063", - "sha256:c048099e4c9e9d615545e2001d3d8a4380bd403e1a0578734e0d31703d1b0c0b", - "sha256:c5cb09abb18c1ea940fb99360ea0396f34d46566f157122c92dfa069d3e0e982", - "sha256:cc8e1d0c705233c5dd0c5e6460fbad7827d5d36f310a0fadfd45cc3029762258", - "sha256:d5e3fc56f88cc98ef8139255cf8cd63eb2c586531e43310ff859d6bb3a6b51f1", - "sha256:d6aa0418fcc838522256761b3415822626f866758ee0bc6632c9486b179d0b52", - "sha256:d6c254ba6e45d8e72739281ebc46ea5eb5f101234f3ce171f0e9f5cc86991480", - "sha256:d6d635d5209b82a3492508cf5b365f3446afb65ae7ebd755e70e18f287b0adf7", - "sha256:dcfe792765fab89c365123c81046ad4103fcabbc4f56d1c1997e6715e8015461", - "sha256:ddd3915998d93fbcd2566ddf9cf62cdb35c9e093075f862935573d265cf8f65d", - "sha256:ddff9c4e225a63a5afab9dd15590432c22e8057e1a9a13d28ed128ecf047bbdc", - "sha256:e41b7e2b59679edfa309e8db64fdf22399eec4b0b24694e1b2104fb789207779", - "sha256:e69924bfcdda39b722ef4d9aa762b2dd38e4632b3641b1d9a57ca9cd18f2f83a", - "sha256:ea20853c6dbbb53ed34cb4d080382169b6f4554d394015f1bef35e881bf83547", - "sha256:ee2a1ece51b9b9e7752e742cfb661d2a29e7bcdba2d27e66e28a99f1890e4fa0", - "sha256:eeb6dcc05e911516ae3d1f207d4b0520d07f54484c49dfc294d6e7d63b734171", - "sha256:f70b98cd94886b49d91170ef23ec5c0e8ebb6f242d734ed7ed677b24d50c82cf", - "sha256:fc35cb4676846ef752816d5be2193a1e8367b4c1397b74a565a9d0389c433a1d", - "sha256:ff959bee35038c4624250473988b24f846cbeb2c6639de3602c073f10410ceba" - ], - "markers": "python_version >= '3.7'", - "version": "==6.0.4" - }, - "mypy-extensions": { - "hashes": [ - "sha256:4392f6c0eb8a5668a69e23d168ffa70f0be9ccfd32b5cc2d26a34ae5b844552d", - "sha256:75dbf8955dc00442a438fc4d0666508a9a97b6bd41aa2f0ffe9d2f2725af0782" - ], - "markers": "python_version >= '3.5'", - "version": "==1.0.0" - }, - "packaging": { - "hashes": [ - "sha256:048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5", - "sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7" - ], - "markers": "python_version >= '3.7'", - "version": "==23.2" - }, - "pathspec": { - "hashes": [ - "sha256:a0d503e138a4c123b27490a4f7beda6a01c6f288df0e4a8b79c7eb0dc7b4cc08", - "sha256:a482d51503a1ab33b1c67a6c3813a26953dbdc71c31dacaef9a838c4e29f5712" - ], - "markers": "python_version >= '3.8'", - "version": "==0.12.1" - }, - "platformdirs": { - "hashes": [ - "sha256:11c8f37bcca40db96d8144522d925583bdb7a31f7b0e37e3ed4318400a8e2380", - "sha256:906d548203468492d432bcb294d4bc2fff751bf84971fbb2c10918cc206ee420" - ], - "markers": "python_version >= '3.8'", - "version": "==4.1.0" - }, - "pluggy": { - "hashes": [ - "sha256:cf61ae8f126ac6f7c451172cf30e3e43d3ca77615509771b3a984a0730651e12", - "sha256:d89c696a773f8bd377d18e5ecda92b7a3793cbe66c87060a6fb58c7b6e1061f7" - ], - "markers": "python_version >= '3.8'", - "version": "==1.3.0" - }, - "pytest": { - "hashes": [ - "sha256:0d009c083ea859a71b76adf7c1d502e4bc170b80a8ef002da5806527b9591fac", - "sha256:d989d136982de4e3b29dabcc838ad581c64e8ed52c11fbe86ddebd9da0818cd5" - ], - "index": "pypi", - "markers": "python_version >= '3.7'", - "version": "==7.4.3" - }, - "pytest-testinfra": { - "hashes": [ - "sha256:03be2824aece7a5eda8bb4f9dbed4d8c821efcfbbc13e13df17f392c229a44ed", - "sha256:2fb7d0185458a9ba669ff14d0ddbec8b3900c6bde3fb6fad9b097374ce4ab77d" - ], - "index": "pypi", - "markers": "python_version >= '3.9'", - "version": "==10.0.0" - }, - "pytest-xdist": { - "hashes": [ - "sha256:cbb36f3d67e0c478baa57fa4edc8843887e0f6cfc42d677530a36d7472b32d8a", - "sha256:d075629c7e00b611df89f490a5063944bee7a4362a5ff11c7cc7824a03dfce24" - ], - "index": "pypi", - "markers": "python_version >= '3.7'", - "version": "==3.5.0" - }, - "yarl": { - "hashes": [ - "sha256:008d3e808d03ef28542372d01057fd09168419cdc8f848efe2804f894ae03e51", - "sha256:03caa9507d3d3c83bca08650678e25364e1843b484f19986a527630ca376ecce", - "sha256:07574b007ee20e5c375a8fe4a0789fad26db905f9813be0f9fef5a68080de559", - "sha256:09efe4615ada057ba2d30df871d2f668af661e971dfeedf0c159927d48bbeff0", - "sha256:0d2454f0aef65ea81037759be5ca9947539667eecebca092733b2eb43c965a81", - "sha256:0e9d124c191d5b881060a9e5060627694c3bdd1fe24c5eecc8d5d7d0eb6faabc", - "sha256:18580f672e44ce1238b82f7fb87d727c4a131f3a9d33a5e0e82b793362bf18b4", - "sha256:1f23e4fe1e8794f74b6027d7cf19dc25f8b63af1483d91d595d4a07eca1fb26c", - "sha256:206a55215e6d05dbc6c98ce598a59e6fbd0c493e2de4ea6cc2f4934d5a18d130", - "sha256:23d32a2594cb5d565d358a92e151315d1b2268bc10f4610d098f96b147370136", - "sha256:26a1dc6285e03f3cc9e839a2da83bcbf31dcb0d004c72d0730e755b33466c30e", - "sha256:29e0f83f37610f173eb7e7b5562dd71467993495e568e708d99e9d1944f561ec", - "sha256:2b134fd795e2322b7684155b7855cc99409d10b2e408056db2b93b51a52accc7", - "sha256:2d47552b6e52c3319fede1b60b3de120fe83bde9b7bddad11a69fb0af7db32f1", - "sha256:357495293086c5b6d34ca9616a43d329317feab7917518bc97a08f9e55648455", - "sha256:35a2b9396879ce32754bd457d31a51ff0a9d426fd9e0e3c33394bf4b9036b099", - "sha256:3777ce5536d17989c91696db1d459574e9a9bd37660ea7ee4d3344579bb6f129", - "sha256:3986b6f41ad22988e53d5778f91855dc0399b043fc8946d4f2e68af22ee9ff10", - "sha256:44d8ffbb9c06e5a7f529f38f53eda23e50d1ed33c6c869e01481d3fafa6b8142", - "sha256:49a180c2e0743d5d6e0b4d1a9e5f633c62eca3f8a86ba5dd3c471060e352ca98", - "sha256:4aa9741085f635934f3a2583e16fcf62ba835719a8b2b28fb2917bb0537c1dfa", - "sha256:4b21516d181cd77ebd06ce160ef8cc2a5e9ad35fb1c5930882baff5ac865eee7", - "sha256:4b3c1ffe10069f655ea2d731808e76e0f452fc6c749bea04781daf18e6039525", - "sha256:4c7d56b293cc071e82532f70adcbd8b61909eec973ae9d2d1f9b233f3d943f2c", - "sha256:4e9035df8d0880b2f1c7f5031f33f69e071dfe72ee9310cfc76f7b605958ceb9", - "sha256:54525ae423d7b7a8ee81ba189f131054defdb122cde31ff17477951464c1691c", - "sha256:549d19c84c55d11687ddbd47eeb348a89df9cb30e1993f1b128f4685cd0ebbf8", - "sha256:54beabb809ffcacbd9d28ac57b0db46e42a6e341a030293fb3185c409e626b8b", - "sha256:566db86717cf8080b99b58b083b773a908ae40f06681e87e589a976faf8246bf", - "sha256:5a2e2433eb9344a163aced6a5f6c9222c0786e5a9e9cac2c89f0b28433f56e23", - "sha256:5aef935237d60a51a62b86249839b51345f47564208c6ee615ed2a40878dccdd", - "sha256:604f31d97fa493083ea21bd9b92c419012531c4e17ea6da0f65cacdcf5d0bd27", - "sha256:63b20738b5aac74e239622d2fe30df4fca4942a86e31bf47a81a0e94c14df94f", - "sha256:686a0c2f85f83463272ddffd4deb5e591c98aac1897d65e92319f729c320eece", - "sha256:6a962e04b8f91f8c4e5917e518d17958e3bdee71fd1d8b88cdce74dd0ebbf434", - "sha256:6ad6d10ed9b67a382b45f29ea028f92d25bc0bc1daf6c5b801b90b5aa70fb9ec", - "sha256:6f5cb257bc2ec58f437da2b37a8cd48f666db96d47b8a3115c29f316313654ff", - "sha256:6fe79f998a4052d79e1c30eeb7d6c1c1056ad33300f682465e1b4e9b5a188b78", - "sha256:7855426dfbddac81896b6e533ebefc0af2f132d4a47340cee6d22cac7190022d", - "sha256:7d5aaac37d19b2904bb9dfe12cdb08c8443e7ba7d2852894ad448d4b8f442863", - "sha256:801e9264d19643548651b9db361ce3287176671fb0117f96b5ac0ee1c3530d53", - "sha256:81eb57278deb6098a5b62e88ad8281b2ba09f2f1147c4767522353eaa6260b31", - "sha256:824d6c50492add5da9374875ce72db7a0733b29c2394890aef23d533106e2b15", - "sha256:8397a3817d7dcdd14bb266283cd1d6fc7264a48c186b986f32e86d86d35fbac5", - "sha256:848cd2a1df56ddbffeb375535fb62c9d1645dde33ca4d51341378b3f5954429b", - "sha256:84fc30f71689d7fc9168b92788abc977dc8cefa806909565fc2951d02f6b7d57", - "sha256:8619d6915b3b0b34420cf9b2bb6d81ef59d984cb0fde7544e9ece32b4b3043c3", - "sha256:8a854227cf581330ffa2c4824d96e52ee621dd571078a252c25e3a3b3d94a1b1", - "sha256:8be9e837ea9113676e5754b43b940b50cce76d9ed7d2461df1af39a8ee674d9f", - "sha256:928cecb0ef9d5a7946eb6ff58417ad2fe9375762382f1bf5c55e61645f2c43ad", - "sha256:957b4774373cf6f709359e5c8c4a0af9f6d7875db657adb0feaf8d6cb3c3964c", - "sha256:992f18e0ea248ee03b5a6e8b3b4738850ae7dbb172cc41c966462801cbf62cf7", - "sha256:9fc5fc1eeb029757349ad26bbc5880557389a03fa6ada41703db5e068881e5f2", - "sha256:a00862fb23195b6b8322f7d781b0dc1d82cb3bcac346d1e38689370cc1cc398b", - "sha256:a3a6ed1d525bfb91b3fc9b690c5a21bb52de28c018530ad85093cc488bee2dd2", - "sha256:a6327976c7c2f4ee6816eff196e25385ccc02cb81427952414a64811037bbc8b", - "sha256:a7409f968456111140c1c95301cadf071bd30a81cbd7ab829169fb9e3d72eae9", - "sha256:a825ec844298c791fd28ed14ed1bffc56a98d15b8c58a20e0e08c1f5f2bea1be", - "sha256:a8c1df72eb746f4136fe9a2e72b0c9dc1da1cbd23b5372f94b5820ff8ae30e0e", - "sha256:a9bd00dc3bc395a662900f33f74feb3e757429e545d831eef5bb280252631984", - "sha256:aa102d6d280a5455ad6a0f9e6d769989638718e938a6a0a2ff3f4a7ff8c62cc4", - "sha256:aaaea1e536f98754a6e5c56091baa1b6ce2f2700cc4a00b0d49eca8dea471074", - "sha256:ad4d7a90a92e528aadf4965d685c17dacff3df282db1121136c382dc0b6014d2", - "sha256:b8477c1ee4bd47c57d49621a062121c3023609f7a13b8a46953eb6c9716ca392", - "sha256:ba6f52cbc7809cd8d74604cce9c14868306ae4aa0282016b641c661f981a6e91", - "sha256:bac8d525a8dbc2a1507ec731d2867025d11ceadcb4dd421423a5d42c56818541", - "sha256:bef596fdaa8f26e3d66af846bbe77057237cb6e8efff8cd7cc8dff9a62278bbf", - "sha256:c0ec0ed476f77db9fb29bca17f0a8fcc7bc97ad4c6c1d8959c507decb22e8572", - "sha256:c38c9ddb6103ceae4e4498f9c08fac9b590c5c71b0370f98714768e22ac6fa66", - "sha256:c7224cab95645c7ab53791022ae77a4509472613e839dab722a72abe5a684575", - "sha256:c74018551e31269d56fab81a728f683667e7c28c04e807ba08f8c9e3bba32f14", - "sha256:ca06675212f94e7a610e85ca36948bb8fc023e458dd6c63ef71abfd482481aa5", - "sha256:d1d2532b340b692880261c15aee4dc94dd22ca5d61b9db9a8a361953d36410b1", - "sha256:d25039a474c4c72a5ad4b52495056f843a7ff07b632c1b92ea9043a3d9950f6e", - "sha256:d5ff2c858f5f6a42c2a8e751100f237c5e869cbde669a724f2062d4c4ef93551", - "sha256:d7d7f7de27b8944f1fee2c26a88b4dabc2409d2fea7a9ed3df79b67277644e17", - "sha256:d7eeb6d22331e2fd42fce928a81c697c9ee2d51400bd1a28803965883e13cead", - "sha256:d8a1c6c0be645c745a081c192e747c5de06e944a0d21245f4cf7c05e457c36e0", - "sha256:d8b889777de69897406c9fb0b76cdf2fd0f31267861ae7501d93003d55f54fbe", - "sha256:d9e09c9d74f4566e905a0b8fa668c58109f7624db96a2171f21747abc7524234", - "sha256:db8e58b9d79200c76956cefd14d5c90af54416ff5353c5bfd7cbe58818e26ef0", - "sha256:ddb2a5c08a4eaaba605340fdee8fc08e406c56617566d9643ad8bf6852778fc7", - "sha256:e0381b4ce23ff92f8170080c97678040fc5b08da85e9e292292aba67fdac6c34", - "sha256:e23a6d84d9d1738dbc6e38167776107e63307dfc8ad108e580548d1f2c587f42", - "sha256:e516dc8baf7b380e6c1c26792610230f37147bb754d6426462ab115a02944385", - "sha256:ea65804b5dc88dacd4a40279af0cdadcfe74b3e5b4c897aa0d81cf86927fee78", - "sha256:ec61d826d80fc293ed46c9dd26995921e3a82146feacd952ef0757236fc137be", - "sha256:ee04010f26d5102399bd17f8df8bc38dc7ccd7701dc77f4a68c5b8d733406958", - "sha256:f3bc6af6e2b8f92eced34ef6a96ffb248e863af20ef4fde9448cc8c9b858b749", - "sha256:f7d6b36dd2e029b6bcb8a13cf19664c7b8e19ab3a58e0fefbb5b8461447ed5ec" - ], - "markers": "python_version >= '3.7'", - "version": "==1.9.4" - } - }, - "develop": {} -} diff --git a/test/requirements.txt b/test/requirements.txt new file mode 100644 index 0000000..e41b194 --- /dev/null +++ b/test/requirements.txt @@ -0,0 +1,4 @@ +pytest == 7.4. +pytest-xdist == 3.5.0 +pytest-testinfra == 10.0.0 +black == 23.12.0 From 5f8ca1822fd24fbb71fde10f03d010bec9cda0b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 17 Dec 2023 13:42:19 +0100 Subject: [PATCH 124/175] Re-add importand comment line MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- test/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/test/Dockerfile b/test/Dockerfile index 8763519..3c5e42e 100644 --- a/test/Dockerfile +++ b/test/Dockerfile @@ -14,6 +14,7 @@ RUN apk add --no-cache \ curl \ && pip3 install --break-system-packages --no-cache-dir -U pip \ && pip3 install --break-system-packages --no-cache-dir -r requirements.txt \ + # Not 100% sure what this line does, but it's always been in the Dockerfile (aside from pointing at a different file) # Tests fall over without it. Investigate later. && sed -i 's|/bin/sh|/bin/bash|g' /usr/lib/python3.11/site-packages/testinfra/backend/docker.py From 90e45d7269711dca2af6599bf619951067e70403 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Fri, 22 Dec 2023 19:41:11 +0100 Subject: [PATCH 125/175] Fix v6 built on riscv MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/workflows/build-and-publish.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 02dab93..eb0bd36 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -18,14 +18,14 @@ jobs: matrix: registry: [dockerhub, ghcr] platform: [linux/amd64, linux/386, linux/arm/v6, linux/arm/v7, linux/arm64] - container: [3.18] + alpine_version: [3.19] include: - registry: dockerhub platform: linux/riscv64 - container: edge + alpine_version: edge - registry: ghcr platform: linux/riscv64 - container: edge + alpine_version: edge steps: - name: Checkout Repo uses: actions/checkout@v4 @@ -65,7 +65,7 @@ jobs: platforms: ${{ matrix.platform }} build-args: | PIHOLE_DOCKER_TAG=${{ steps.meta.outputs.version }} - CONTAINER=${{ matrix.container }} + alpine_version=${{ matrix.alpine_version }} labels: ${{ steps.meta.outputs.labels }} outputs: | type=image,name=${{ env[matrix.registry] }},push-by-digest=true,name-canonical=true,push=true From 2d799822b3b0e8b94a21ec1d1bdb5128141717f5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 23 Dec 2023 12:24:30 +0000 Subject: [PATCH 126/175] Bump actions/download-artifact from 3 to 4 Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-and-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index eb0bd36..e04c6a4 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -100,7 +100,7 @@ jobs: uses: actions/checkout@v4 - name: Download digests - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: digests path: /tmp/digests From 85995a460a1c5fc80f45f19c316dfb6d862e18b3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 23 Dec 2023 12:35:13 +0000 Subject: [PATCH 127/175] Bump actions/upload-artifact from 3 to 4 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-and-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index e04c6a4..c8da5f8 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -77,7 +77,7 @@ jobs: touch "/tmp/digests/${{ matrix.registry }}/${digest_docker#sha256:}" - name: Upload digest - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: digests path: /tmp/digests/* From b7fea60f1804111c0e1e6ca7cee8127d6e91295d Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 23 Dec 2023 16:16:21 +0000 Subject: [PATCH 128/175] Revert "Bump actions/download-artifact from 3 to 4" --- .github/workflows/build-and-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index c8da5f8..d2deb01 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -100,7 +100,7 @@ jobs: uses: actions/checkout@v4 - name: Download digests - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v3 with: name: digests path: /tmp/digests From 9518e61cea057ba44aea8a30438392b0274e3a33 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 23 Dec 2023 16:16:23 +0000 Subject: [PATCH 129/175] Revert "Bump actions/upload-artifact from 3 to 4" --- .github/workflows/build-and-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index c8da5f8..e04c6a4 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -77,7 +77,7 @@ jobs: touch "/tmp/digests/${{ matrix.registry }}/${digest_docker#sha256:}" - name: Upload digest - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v3 with: name: digests path: /tmp/digests/* From 59abffe75b76df7040daa430b49b3d564aaf0e41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sat, 23 Dec 2023 21:26:36 +0100 Subject: [PATCH 130/175] Update artifacts action to v4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/workflows/build-and-publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index eb0bd36..c8da5f8 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -77,7 +77,7 @@ jobs: touch "/tmp/digests/${{ matrix.registry }}/${digest_docker#sha256:}" - name: Upload digest - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: digests path: /tmp/digests/* @@ -100,7 +100,7 @@ jobs: uses: actions/checkout@v4 - name: Download digests - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: digests path: /tmp/digests From 03a037994e897f7a3a418f02a34f553bf19ea9ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sat, 23 Dec 2023 21:52:42 +0100 Subject: [PATCH 131/175] Adjust workflow to run with artifacts v4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/workflows/build-and-publish.yml | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index c8da5f8..f17e22c 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -23,9 +23,21 @@ jobs: - registry: dockerhub platform: linux/riscv64 alpine_version: edge + platform_dir: linux-riscv64 - registry: ghcr platform: linux/riscv64 alpine_version: edge + platform_dir: linux-riscv64 + - platform: linux/amd64 + platform_dir: linux-amd64 + - platform: linux/386 + platform_dir: linux-386 + - platform: linux/arm/v6 + platform_dir: linux-arm-v6 + - platform: linux/arm/v7 + platform_dir: linux-arm-v7 + - platform: linux/arm64 + platform_dir: linux-arm64 steps: - name: Checkout Repo uses: actions/checkout@v4 @@ -79,7 +91,7 @@ jobs: - name: Upload digest uses: actions/upload-artifact@v4 with: - name: digests + name: ${{ matrix.platform_dir}} path: /tmp/digests/* if-no-files-found: error retention-days: 1 @@ -101,9 +113,14 @@ jobs: - name: Download digests uses: actions/download-artifact@v4 + id: download with: - name: digests - path: /tmp/digests + path: /tmp/download + + - name: Copy all artifacts from sub-directories to /tmp/digests + run: | + mkdir /tmp/digests + cp ${{steps.download.outputs.download-path}}/**/* /tmp/digests - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 From d0f321b604ad08493d09a181041fc505ffd00310 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 3 Jan 2024 22:45:46 +0100 Subject: [PATCH 132/175] Simplify up/download MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/workflows/build-and-publish.yml | 29 ++++++++----------------- 1 file changed, 9 insertions(+), 20 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index f17e22c..6f67f23 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -23,22 +23,15 @@ jobs: - registry: dockerhub platform: linux/riscv64 alpine_version: edge - platform_dir: linux-riscv64 - registry: ghcr platform: linux/riscv64 alpine_version: edge - platform_dir: linux-riscv64 - - platform: linux/amd64 - platform_dir: linux-amd64 - - platform: linux/386 - platform_dir: linux-386 - - platform: linux/arm/v6 - platform_dir: linux-arm-v6 - - platform: linux/arm/v7 - platform_dir: linux-arm-v7 - - platform: linux/arm64 - platform_dir: linux-arm64 steps: + - name: Prepare name for digest up/download + run: | + platform=${{ matrix.platform }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Checkout Repo uses: actions/checkout@v4 @@ -91,7 +84,7 @@ jobs: - name: Upload digest uses: actions/upload-artifact@v4 with: - name: ${{ matrix.platform_dir}} + name: digests-${{ matrix.platform}} path: /tmp/digests/* if-no-files-found: error retention-days: 1 @@ -113,15 +106,11 @@ jobs: - name: Download digests uses: actions/download-artifact@v4 - id: download with: - path: /tmp/download + path: /tmp/digests + pattern: digests-* + merge-multiple: true - - name: Copy all artifacts from sub-directories to /tmp/digests - run: | - mkdir /tmp/digests - cp ${{steps.download.outputs.download-path}}/**/* /tmp/digests - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 From 0ba8648dbb0a0d129522e61db61905f477175847 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sat, 6 Jan 2024 13:21:32 +0100 Subject: [PATCH 133/175] Use ${{ env.PLATFORM_PAIR }} MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/workflows/build-and-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 6f67f23..1251cba 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -84,7 +84,7 @@ jobs: - name: Upload digest uses: actions/upload-artifact@v4 with: - name: digests-${{ matrix.platform}} + name: digests-${{ env.PLATFORM_PAIR }} path: /tmp/digests/* if-no-files-found: error retention-days: 1 From f4f91f778c3527babe0b38e181b3d4ab0920a1da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sat, 6 Jan 2024 21:31:41 +0100 Subject: [PATCH 134/175] Consider registry when up/downloading artifacts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/workflows/build-and-publish.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 1251cba..46d118b 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -84,7 +84,7 @@ jobs: - name: Upload digest uses: actions/upload-artifact@v4 with: - name: digests-${{ env.PLATFORM_PAIR }} + name: digests-${{ matrix.registry }}-${{ env.PLATFORM_PAIR }} path: /tmp/digests/* if-no-files-found: error retention-days: 1 @@ -107,8 +107,8 @@ jobs: - name: Download digests uses: actions/download-artifact@v4 with: - path: /tmp/digests - pattern: digests-* + path: /tmp/digests/${{ matrix.registry }} + pattern: digests-${{ matrix.registry }}-* merge-multiple: true - name: Set up Docker Buildx From d3bb3bdebb510bb0121c1d93f54f0da1a9b912a9 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 7 Jan 2024 14:36:24 +0000 Subject: [PATCH 135/175] Simplify build and publish action for v6. No need to have an additional matrix for each registry Remove un-needed action file Signed-off-by: Adam Warner --- .github/actions/merge-and-push/action.yml | 48 ---------------- .github/workflows/build-and-publish.yml | 70 +++++++++++------------ 2 files changed, 34 insertions(+), 84 deletions(-) delete mode 100644 .github/actions/merge-and-push/action.yml diff --git a/.github/actions/merge-and-push/action.yml b/.github/actions/merge-and-push/action.yml deleted file mode 100644 index d73480a..0000000 --- a/.github/actions/merge-and-push/action.yml +++ /dev/null @@ -1,48 +0,0 @@ -name: Merge and push -description: Apply meta, create manifest, and push to container registry - -inputs: - imagename: - required: true - description: The name of the image to push - platform: - required: true - description: The platform to push the image for - -runs: - using: "composite" - steps: - - - name: Docker meta - id: meta_docker - uses: docker/metadata-action@v4 - with: - images: | - ${{ inputs.imagename }},enable=${{ github.event_name != 'pull_request' && github.event_name != 'workflow_dispatch' }} - foo/bar,enable=${{ github.event_name == 'pull_request' }} - # We want to tag the image with the latest tag if the workflow was triggered by a tag - flavor: | - latest=${{ startsWith(github.ref, 'refs/tags/') }} - # tags: - # type=schedule means that a tag is applied when the workflow is triggered by a schedule event - # type=ref,event=branch means that a tag is applied when the workflow is triggered by a push to a branch - # type=ref,event=tag means that a tag is applied when the workflow is triggered by a push to a tag - tags: | - type=schedule,suffix=-${{ inputs.platform }},enable=${{ github.event_name == 'schedule' }} - type=ref,event=branch,suffix=-${{ inputs.platform }},enable=${{ github.event_name != 'schedule' }} - type=ref,event=tag,suffix=-${{ inputs.platform }} - - - name: Create manifest list and push to repository - working-directory: /tmp/digests/dockerhub/${{ inputs.platform }} - # When using composite actions, you have to specify the shell. As you - # don’t specify a runner type in composite actions, you need to specify - # the shell instead for each action. - shell: bash - run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ inputs.imagename }}@sha256:%s ' *) - - - name: Inspect image - shell: bash - run: | - docker buildx imagetools inspect ${{ inputs.imagename }}:${{ steps.meta_docker.outputs.version }} \ No newline at end of file diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 46d118b..b4e3401 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -16,16 +16,12 @@ jobs: strategy: fail-fast: false matrix: - registry: [dockerhub, ghcr] platform: [linux/amd64, linux/386, linux/arm/v6, linux/arm/v7, linux/arm64] alpine_version: [3.19] include: - - registry: dockerhub - platform: linux/riscv64 - alpine_version: edge - - registry: ghcr - platform: linux/riscv64 + - platform: linux/riscv64 alpine_version: edge + steps: - name: Prepare name for digest up/download run: | @@ -35,13 +31,14 @@ jobs: - name: Checkout Repo uses: actions/checkout@v4 - - name: Docker meta (Docker Hub and GitHub Container Registry) + - name: Docker meta id: meta uses: docker/metadata-action@v5 with: github-token: ${{ secrets.GITHUB_TOKEN }} images: | - ${{ env[matrix.registry] }} + ${{ env.dockerhub }} + ${{ env.ghcr }} flavor: | latest=false tags: | @@ -59,10 +56,11 @@ jobs: uses: docker/setup-qemu-action@v3 with: platforms: ${{ matrix.platform}} + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Build container and push by digest (${{ matrix.registry }}) + - name: Build container and push by digest id: build uses: docker/build-push-action@v5 with: @@ -73,18 +71,18 @@ jobs: alpine_version=${{ matrix.alpine_version }} labels: ${{ steps.meta.outputs.labels }} outputs: | - type=image,name=${{ env[matrix.registry] }},push-by-digest=true,name-canonical=true,push=true + type=image,name=${{ env.dockerhub }},push-by-digest=true,name-canonical=true,push=true - name: Export digests run: | - mkdir -p /tmp/digests/${{ matrix.registry }} + mkdir -p /tmp/digests digest_docker="${{ steps.build.outputs.digest }}" - touch "/tmp/digests/${{ matrix.registry }}/${digest_docker#sha256:}" + touch "/tmp/digests/${digest_docker#sha256:}" - name: Upload digest uses: actions/upload-artifact@v4 with: - name: digests-${{ matrix.registry }}-${{ env.PLATFORM_PAIR }} + name: digests-${{ env.PLATFORM_PAIR }} path: /tmp/digests/* if-no-files-found: error retention-days: 1 @@ -93,10 +91,6 @@ jobs: # If we would push immediately above, the individual runners would overwrite each other's images # https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners merge-and-deploy: - strategy: - fail-fast: false - matrix: - registry: [dockerhub, ghcr] runs-on: ubuntu-latest needs: - build @@ -107,13 +101,26 @@ jobs: - name: Download digests uses: actions/download-artifact@v4 with: - path: /tmp/digests/${{ matrix.registry }} - pattern: digests-${{ matrix.registry }}-* + path: /tmp/digests + pattern: digests-* merge-multiple: true - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + images: | + ${{ env.dockerhub }} + ${{ env.ghcr }} + flavor: | + latest=false + tags: | + development-v6 + - name: Login to DockerHub and GitHub Container Registry uses: ./.github/actions/login-repo with: @@ -122,24 +129,15 @@ jobs: ghcr_username: ${{ github.repository_owner }} ghcr_password: ${{ secrets.GITHUB_TOKEN }} - - name: Docker meta (Docker Hub and GitHub Container Registry) - id: meta - uses: docker/metadata-action@v5 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - images: | - ${{ env[matrix.registry] }} - flavor: | - latest=false - tags: | - development-v6 - - - name: Create manifest list and push (${{ matrix.registry }}) - working-directory: /tmp/digests/${{ matrix.registry }} + - name: Create manifest list and push (DockerHub and GitHub Container Registry) + working-directory: /tmp/digests run: | docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env[matrix.registry] }}@sha256:%s ' *) + $(printf '${{ env.dockerhub }}@sha256:%s ' *) + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.ghcr }}@sha256:%s ' *) - - name: Inspect image + - name: Inspect images run: | - docker buildx imagetools inspect ${{ env[matrix.registry] }}:${{ steps.meta.outputs.version }} + docker buildx imagetools inspect ${{ env.dockerhub }}:${{ steps.meta.outputs.version }} + docker buildx imagetools inspect ${{ env.ghcr }}:${{ steps.meta.outputs.version }} \ No newline at end of file From 24090b227ef3ff24df80947e5e62d5546defc1ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 10 Jan 2024 13:49:05 +0100 Subject: [PATCH 136/175] Add dockerfile frontend synatax line MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- src/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Dockerfile b/src/Dockerfile index ada4f0a..8fe0a5d 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -1,3 +1,4 @@ +# syntax=docker/dockerfile:1 ARG alpine_version="3.19" FROM alpine:${alpine_version} # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope From 9fefa11c4151d5adbbcd36248ea7fc871f4f40b5 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 10 Mar 2024 19:29:38 +0000 Subject: [PATCH 137/175] Tidy up a few things in the readme and code. Check that pihole-FTL is configured with upstream servers or it will not function! Signed-off-by: Adam Warner --- README.md | 45 ++++++++++------- examples/docker-compose-caddy-proxy.yml | 39 ++++++++------- src/bash_functions.sh | 66 ++++++++++++------------- src/start.sh | 11 +---- 4 files changed, 82 insertions(+), 79 deletions(-) diff --git a/README.md b/README.md index be83bf1..c6c4d75 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,8 @@ Using [Docker-compose](https://docs.docker.com/compose/install/): 1. Copy the below docker compose example and update as needed + + ```yml version: "3" @@ -32,24 +34,34 @@ version: "3" services: pihole: container_name: pihole - image: pihole/pihole:latest - # For DHCP it is recommended to remove these ports and instead add: network_mode: "host" + image: pihole/pihole:latest ports: + # DNS Ports - "53:53/tcp" - "53:53/udp" - - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server + # Default HTTP Port - "80:80/tcp" - - "443:443/tcp" # By default, FTL will generate a self-signed certificate + # Default HTTPs Port. FTL Will generate a self-signed certificate + - "443:443/tcp" + # Uncomment the below if using Pi-hole as your DHCP Server + #- "67:67/udp" environment: - TZ: 'America/Chicago' - # FTLCONF_webserver_api_password: 'set a secure password here or it will be random' + # Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g: + TZ: 'Europe/London' + # Set a password to access the web interface. Not setting one will result in a random password being assigned + FTLCONF_webserver_api_password: 'correct horse battery staple' + # Configure DNS upstream servers, e.g: + FTLCONF_dns_upstreams: '8.8.8.8, 8.8.4.4' # Volumes store your data between container upgrades volumes: + # For persisting Pi-hole's databases and common configuration file - './etc-pihole:/etc/pihole' - # - './etc-dnsmasq.d:/etc/dnsmasq.d' # Only needed if you have some custom configs for dnsmasq - # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities + # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most. + #- './etc-dnsmasq.d:/etc/dnsmasq.d' cap_add: - - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed + # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities + # Required if you are using Pi-hole as your DHCP server, else not needed + - NET_ADMIN restart: unless-stopped ``` @@ -72,7 +84,7 @@ It is recommended that you use environment variables to configure the Pi-hole do ### Web interface password -To set a specific password for the web interface, use the environment variable `FTLCONF_webserver_api_password`. If this variable is not detected, and you have not already set one via `pihole setpassword` in the container, then a random password will be assigned on startup, this will be printed to the log. Run `docker logs pihole | grep random` to find it. +To set a specific password for the web interface, use the environment variable `FTLCONF_webserver_api_password`. If this variable is not detected, and you have not already set one via `pihole setpassword` / `pihole-FTL --config webserver.api.password` inside the container, then a random password will be assigned on startup, this will be printed to the log. Run `docker logs pihole | grep random password` to find it. To explicitly set no password, set `FTLCONF_webserver_api_password: ''` @@ -98,7 +110,7 @@ To explicitly set no password, set `FTLCONF_webserver_api_password: ''` | Variable | Default | Value | Description | | -------- | ------- | ----- | ---------- | | `FTL_CMD` | `no-daemon` | `no-daemon -- ` | Customize the options with which dnsmasq gets started. e.g. `no-daemon -- --dns-forward-max 300` to increase max. number of concurrent dns queries on high load setups. | -|`FTLCONF_ENV_ONLY`|unset|``|If set to true, FTL will use default values for all config values unless explicitly set as an environment variable| +| `FTLCONF_ENV_ONLY`|unset|``|If set to true, FTL will use default values for all config values unless explicitly set as an environment variable| | `DNSMASQ_USER` | unset | `` | Allows changing the user that FTLDNS runs as. Default: `pihole`, some systems such as Synology NAS may require you to change this to `root` (See [#963](https://github.com/pi-hole/docker-pi-hole/issues/963)) | | `ADDITIONAL_PACKAGES`| unset | Space separated list of APKs | HERE BE DRAGONS. Mostly for development purposes, this just makes it easier for those of us that always like to have whatever additional tools we need inside the container for debugging | @@ -111,8 +123,7 @@ Here is a rundown of other arguments for your docker-compose / docker run. | `-v $(pwd)/etc-pihole:/etc/pihole`
**Recommended** | Volumes for your Pi-hole configs help persist changes across docker image updates | `--net=host`
_Optional_ | Alternative to `-p :` arguments (Cannot be used at same time as -p) if you don't run any other web application. DHCP runs best with --net=host, otherwise your router must support dhcp-relay settings. | `--cap-add=NET_ADMIN`
_Recommended_ | Commonly added capability for DHCP, see [Note on Capabilities](#note-on-capabilities) below for other capabilities. -| `--dns=127.0.0.1`
_Optional_ | Sets your container's resolve settings to localhost so it can resolve DHCP hostnames from Pi-hole's DNSMasq, may fix resolution errors on container restart. -| `--dns=1.1.1.1`
_Optional_ | Sets a backup server of your choosing in case DNSMasq has problems starting +| `--dns=n.n.n.n`
_Optional_ | Explicitly set container's DNS server. It is **_not recommended_** to set this to `localhost`/`127.0.0.1`. | `--env-file .env`
_Optional_ | File to store environment variables for docker replacing `-e key=value` settings. Here for convenience ## Tips and Tricks @@ -165,7 +176,7 @@ The Date-based (including incremented "Patch" versions) do not relate to any kin | tag | description |---------------------|--------------------------------------------------------------------------------------------------------------------------------------------| | `latest` | Always latest release | -| `2022.04` | Date-based release | +| `2022.04.0` | Date-based release | | `2022.04.1` | Second release in a given month | | `dev` | Similar to `latest`, but for the development branch (pushed occasionally) | | `*beta` | Early beta releases of upcoming versions - here be dragons | @@ -184,7 +195,7 @@ Do not attempt to upgrade (`pihole -up`) or reconfigure (`pihole -r`). New imag - We will try to put common break/fixes at the top of this readme too 1. Download the latest version of the image: `docker pull pihole/pihole` 2. Throw away your container: `docker rm -f pihole` - - **Warning** When removing your pihole container you may be stuck without DNS until step 3; **docker pull** before **docker rm -f** to avoid DNS interruption **OR** always have a fallback DNS server configured in DHCP to avoid this problem altogether. + - **Warning** When removing your pihole container you may be stuck without DNS until step 3; **docker pull** before **docker rm -f** to avoid DNS interruption. - If you care about your data (logs/customizations), make sure you have it volume-mapped or it will be deleted in this step. 3. Start your container with the newer base image: `docker run pihole/pihole` (`` being your preferred run volumes and env vars) @@ -216,11 +227,11 @@ We install all pihole utilities so the the built in [pihole commands](https://di ### Customizations -The webserver and DNS service inside the container can be customized if necessary. Any configuration files you volume mount into `/etc/dnsmasq.d/` will be loaded by dnsmasq when the container starts or restarts. +The webserver and DNS service inside the container can be customized if necessary. Any configuration files you volume mount into `/etc/dnsmasq.d/` will be loaded by pihole-FTL when the container starts or restarts. ## Note on Capabilities -DNSMasq / [FTLDNS](https://docs.pi-hole.net/ftldns/in-depth/#linux-capabilities) expects to have the following capabilities available: +[FTLDNS](https://docs.pi-hole.net/ftldns/in-depth/#linux-capabilities) expects to have the following capabilities available: - `CAP_NET_BIND_SERVICE`: Allows FTLDNS binding to TCP/UDP sockets below 1024 (specifically DNS service on port 53) - `CAP_NET_RAW`: use raw and packet sockets (needed for handling DHCPv6 requests, and verifying that an IP is not in use before leasing it) diff --git a/examples/docker-compose-caddy-proxy.yml b/examples/docker-compose-caddy-proxy.yml index 0ee3cc1..ff4e3f1 100644 --- a/examples/docker-compose-caddy-proxy.yml +++ b/examples/docker-compose-caddy-proxy.yml @@ -7,31 +7,24 @@ services: container_name: caddy image: caddy:latest networks: - - caddy-net # Network exclusively for Caddy-proxied containers + - caddy-net # Network exclusively for Caddy-proxied containers restart: unless-stopped ports: - "80:80" - "443:443" - - "443:443/udp" # QUIC protocol support: https://www.chromium.org/quic/ + - "443:443/udp" # QUIC protocol support: https://www.chromium.org/quic/ volumes: - - ./Caddyfile:/etc/caddy/Caddyfile # config file on host in same directory as docker-compose.yml for easy editing. + - ./Caddyfile:/etc/caddy/Caddyfile # config file on host in same directory as docker-compose.yml for easy editing. #- $PWD/site:/srv # Only use if you are serving a website behind caddy - - caddy_data:/data # Use docker volumes here bc no need to access these files from host - - caddy_config:/config # Use docker volumes here bc no need to access these files from host - + - caddy_data:/data # Use docker volumes here bc no need to access these files from host + - caddy_config:/config # Use docker volumes here bc no need to access these files from host # More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/ pihole: depends_on: - caddy container_name: pihole - #dns: # Optional. Specify desired upstream DNS servers here. - # - 127.0.0.1 - # - 9.9.9.9 - # - 149.112.112.112 image: pihole/pihole:latest - networks: - - caddy-net # Need to plug into caddy net to access proxy ports: - "8081:80/tcp" # Pi-hole web admin interface, proxied through Caddy (configure port in Caddyfile) # Following are NOT proxied through Caddy, bound to host net instead: @@ -41,14 +34,22 @@ services: #- "67:67/udp" # DHCP, if desired. If not bound to host net you need an mDNS proxy service configured somewhere on host net. # ref: https://docs.pi-hole.net/docker/DHCP/ environment: - TZ: 'America/New_York' # Supported TZ database names: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#Time_Zone_abbreviations - FTLCONF_webserver_api_password: 'password' + # Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g: + TZ: 'Europe/London' + # Set a password to access the web interface. Not setting one will result in a random password being assigned + FTLCONF_webserver_api_password: 'correct horse battery staple' + # Configure DNS upstream servers, e.g: + FTLCONF_dns_upstreams: '8.8.8.8, 8.8.4.4' + # Volumes store your data between container upgrades volumes: + # For persisting Pi-hole's databases and common configuration file - './etc-pihole:/etc/pihole' - - './etc-dnsmasq.d:/etc/dnsmasq.d' - #cap_add: # Uncomment if using Pi-hole as DHCP server - # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities - #- NET_ADMIN # ONLY required if you are using Pi-hole as your DHCP server, else remove for better security + # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most. + #- './etc-dnsmasq.d:/etc/dnsmasq.d' + cap_add: + # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities + # Required if you are using Pi-hole as your DHCP server, else not needed + - NET_ADMIN restart: unless-stopped # ref: https://hub.docker.com/_/caddy @@ -60,5 +61,5 @@ networks: # ref: https://hub.docker.com/_/caddy volumes: caddy_data: - external: true # May need to create volume with 'docker volume create caddy_data' + external: true # May need to create volume with 'docker volume create caddy_data' caddy_config: diff --git a/src/bash_functions.sh b/src/bash_functions.sh index c779e8c..6ea6af1 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -1,9 +1,5 @@ #!/bin/bash -# If user has set QUERY_LOGGING Env Var, copy it out to _OVERRIDE, -# else it will get overridden itself when we source basic-install.sh -[ -n "${QUERY_LOGGING}" ] && export QUERY_LOGGING_OVERRIDE="${QUERY_LOGGING}" - # Some of the bash_functions use utilities from Pi-hole's utils.sh # shellcheck disable=SC2154 # shellcheck source=/dev/null @@ -34,13 +30,17 @@ setFTLConfigValue() { # shellcheck disable=SC2034 ensure_basic_configuration() { + # Force a check of pihole-FTL --config, this will read any environment variables and set them in the config file + # suppress the output as we don't need to see the default values. + getFTLConfigValue >/dev/null + + echo "" echo " [i] Ensuring basic configuration by re-running select functions from basic-install.sh" mkdir -p /var/run/pihole /var/log/pihole touch /var/log/pihole/FTL.log /var/log/pihole/pihole.log chown -R pihole:pihole /var/run/pihole /var/log/pihole - if [[ -z "${PYTEST}" ]]; then if [[ ! -f /etc/pihole/adlists.list ]]; then echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" >/etc/pihole/adlists.list @@ -49,6 +49,11 @@ ensure_basic_configuration() { chown -R pihole:pihole /etc/pihole + # Install the logrotate config file - this is done already in Dockerfile + # but if a user has mounted a volume over /etc/pihole, it will have been lost + # pihole-FTL-prestart.sh will set the ownership of the file to root:root + install -Dm644 -t /etc/pihole /etc/.pihole/advanced/Templates/logrotate + # If FTLCONF_files_macvendor is not set if [[ -z "${FTLCONF_files_macvendor:-}" ]]; then # User is not passing in a custom location - so force FTL to use the file we moved to / during the build @@ -56,42 +61,37 @@ ensure_basic_configuration() { chown pihole:pihole /macvendor.db fi - # Install the logrotate config file - this is done already in Dockerfile - # but if a user has mounted a volume over /etc/pihole, it will have been lost - # pihole-FTL-prestart.sh will set the ownership of the file to root:root - install -Dm644 -t /etc/pihole /etc/.pihole/advanced/Templates/logrotate -} + # If getFTLConfigValue "dns.upstreams" returns [], exit the container. We need upstream servers to function! + if [[ $(getFTLConfigValue "dns.upstreams") == "[]" ]]; then + echo "" + echo " [X] No DNS upstream servers are set!" + echo " [i] Recommended: Set the upstream DNS servers in the environment variable FTLCONF_dns_upstream" + echo "" + exit 1 + fi -setup_web_password() { - echo " [i] Checking web password" - # If the web password variable is not set... + # If FTLCONF_webserver_api_password is not set if [ -z "${FTLCONF_webserver_api_password+x}" ]; then - # is the variable FTLCONF_ENV_ONLY set to true? - if [ "${FTLCONF_ENV_ONLY}" == "true" ]; then - echo " [i] No password supplied via FTLCONF_webserver_api_password, but FTLCONF_ENV_ONLY is set to true, using default (none)" - # If so, return - the password will be set to FTL's default (no password) - return - fi - - # Exit if password is already set in config file + # Is this already set to something other than blank (default) in FTL's config file? (maybe in a volume mount) if [[ $(pihole-FTL --config webserver.api.pwhash) = \$BALLOON-SHA256* ]]; then echo " [i] Password already set in config file" return - fi + else + # If we are here, the password is set in neither the environment nor the config file + # We will generate a random password. + RANDOMPASSWORD=$(tr -dc _A-Z-a-z-0-9 /dev/null - # Explicitly turn off bash printing when working with secrets - { set +x; } 2>/dev/null + pihole-FTL --config webserver.api.password "$RANDOMPASSWORD" >/dev/null - pihole setpassword "$RANDOMPASSWORD" - - # To avoid printing this if conditional in bash debug, turn off debug above.. - # then re-enable debug if necessary (more code but cleaner printed output) - if [ "${PH_VERBOSE:-0}" -gt 0 ]; then - set -x + # To avoid printing this if conditional in bash debug, turn off debug above.. + # then re-enable debug if necessary (more code but cleaner printed output) + if [ "${PH_VERBOSE:-0}" -gt 0 ]; then + set -x + fi fi else echo " [i] Assigning password defined by Environment Variable" diff --git a/src/start.sh b/src/start.sh index 89d2635..71ad54d 100644 --- a/src/start.sh +++ b/src/start.sh @@ -14,13 +14,7 @@ start() { echo " [i] Starting docker specific checks & setup for docker pihole/pihole" - # TODO: - #if [ ! -f /.piholeFirstBoot ] ; then - # echo " [i] Not first container startup so not running docker's setup, re-create container to run setup again" - #else - # regular_setup_functions - #fi - + # =========================== # Initial checks # =========================== @@ -47,9 +41,6 @@ start() { fi ensure_basic_configuration - setup_web_password - - # [ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot # Install additional packages inside the container if requested if [ -n "${ADDITIONAL_PACKAGES}" ]; then From 24006c7a00429d1a5bf67e0d019d3dee293c8498 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 11 Mar 2024 18:14:26 +0000 Subject: [PATCH 138/175] Address comments. Signed-off-by: Adam Warner --- README.md | 8 +++++--- build-and-test.sh | 2 +- src/bash_functions.sh | 4 ++++ test/Dockerfile | 2 +- test/cmd.sh | 1 - test/tests/conftest.py | 2 +- test/tests/test_bash_functions.py | 11 ----------- test/tests/test_general.py | 6 ++---- 8 files changed, 14 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index c6c4d75..5c12981 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,7 @@ services: - "53:53/udp" # Default HTTP Port - "80:80/tcp" - # Default HTTPs Port. FTL Will generate a self-signed certificate + # Default HTTPs Port. FTL will generate a self-signed certificate - "443:443/tcp" # Uncomment the below if using Pi-hole as your DHCP Server #- "67:67/udp" @@ -80,7 +80,9 @@ There are multiple different ways to run DHCP from within your Docker Pi-hole co ## Configuration -It is recommended that you use environment variables to configure the Pi-hole docker container (more details below), however if you are persisting your `/etc/pihole` directory, you may also set them via the web interface or by directly editing `pihole.toml` +It is recommended that you use environment variables to configure the Pi-hole docker container (more details below), however if you are persisting your `/etc/pihole` directory, you may choose instead to set them via the web interface or by directly editing `pihole.toml`. + +**Please Note**: Settings that are set via environment variables effectively become read-only, meaning that you will not be able to change them in the web interface or CLI. This is to ensure a "single source of truth" on the config. ### Web interface password @@ -217,7 +219,7 @@ Valid args are: ### Pi-hole features -Here are some relevant wiki pages from [Pi-hole's documentation](https://github.com/pi-hole/pi-hole/blob/master/README.md#get-help-or-connect-with-us-on-the-web). The web interface or command line tools can be used to implement changes to pihole. +Here are some relevant wiki pages from [Pi-hole's documentation](https://docs.pi-hole.net). We install all pihole utilities so the the built in [pihole commands](https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738) will work via `docker exec ` like so: diff --git a/build-and-test.sh b/build-and-test.sh index 1efec10..3c34bbd 100755 --- a/build-and-test.sh +++ b/build-and-test.sh @@ -6,7 +6,7 @@ if [[ "$1" == "enter" ]]; then fi GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD | sed "s/\//-/g") -GIT_TAG=$(git describe --tags --exact-match 2> /dev/null || true) +GIT_TAG=$(git describe --tags --exact-match 2>/dev/null || true) GIT_TAG="${GIT_TAG:-$GIT_BRANCH}" PLATFORM="${PLATFORM:-linux/amd64}" diff --git a/src/bash_functions.sh b/src/bash_functions.sh index 6ea6af1..48cf90d 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -70,6 +70,10 @@ ensure_basic_configuration() { exit 1 fi + setup_web_password +} + +setup_web_password() { # If FTLCONF_webserver_api_password is not set if [ -z "${FTLCONF_webserver_api_password+x}" ]; then # Is this already set to something other than blank (default) in FTL's config file? (maybe in a volume mount) diff --git a/test/Dockerfile b/test/Dockerfile index 3c5e42e..2380232 100644 --- a/test/Dockerfile +++ b/test/Dockerfile @@ -1,5 +1,5 @@ ARG alpine_version="3.19" -ARG docker_version="24.0.7" +ARG docker_version="25.0.4" FROM docker:${docker_version}-cli-alpine${alpine_version} diff --git a/test/cmd.sh b/test/cmd.sh index 193585c..6324a36 100755 --- a/test/cmd.sh +++ b/test/cmd.sh @@ -8,5 +8,4 @@ docker images pihole:${GIT_TAG} python -m black ./test/tests/ # TODO: Add junitxml output and have something consume it -# 2 parallel max b/c race condition with docker fixture (I think?) py.test -vv -n auto ./test/tests/ diff --git a/test/tests/conftest.py b/test/tests/conftest.py index eb1887f..4a35063 100644 --- a/test/tests/conftest.py +++ b/test/tests/conftest.py @@ -37,7 +37,7 @@ def run_and_stream_command_output(): @pytest.fixture() def args_env(): - return '-e TZ="Europe/London" -e FTLCONF_ENV_ONLY=true' + return '-e TZ="Europe/London" -e FTLCONF_dns_upstreams="8.8.8.8"' @pytest.fixture() diff --git a/test/tests/test_bash_functions.py b/test/tests/test_bash_functions.py index 1511fb4..6178cb3 100644 --- a/test/tests/test_bash_functions.py +++ b/test/tests/test_bash_functions.py @@ -18,11 +18,9 @@ def test_ftlconf_dns_upstreams(docker): CMD_SETUP_WEB_PASSWORD = ". bash_functions.sh ; setup_web_password" -@pytest.mark.parametrize("test_args", ['-e "FTLCONF_ENV_ONLY=false"']) def test_random_password_assigned_fresh_start(docker): func = docker.run(CMD_SETUP_WEB_PASSWORD) assert "assigning random password:" in func.stdout - assert "New password set" in func.stdout @pytest.mark.parametrize( @@ -31,12 +29,3 @@ def test_random_password_assigned_fresh_start(docker): def test_password_set_by_envvar(docker): func = docker.run(CMD_SETUP_WEB_PASSWORD) assert "Assigning password defined by Environment Variable" in func.stdout - - -@pytest.mark.parametrize("test_args", ['-e "FTLCONF_ENV_ONLY=true"']) -def test_password_envonly_true(docker): - func = docker.run(CMD_SETUP_WEB_PASSWORD) - assert ( - "No password supplied via FTLCONF_webserver_api_password, but FTLCONF_ENV_ONLY is set to true, using default (none)" - in func.stdout - ) diff --git a/test/tests/test_general.py b/test/tests/test_general.py index a0f5398..78f1604 100644 --- a/test/tests/test_general.py +++ b/test/tests/test_general.py @@ -13,10 +13,8 @@ def test_pihole_gid_env_var(docker): assert "456" in func.stdout -# We immediately remove the adlists.list file so that gravity does not attempt to download a default list -# Wait 5 seconds for gravity to finish, then kill the start.sh script -# Finally, tail the FTL log to see if it shuts down cleanly -@pytest.mark.parametrize("test_args", ['-e "PH_VERBOSE=1"']) +# Wait 5 seconds for startup, then kill the start.sh script +# Finally, tail the FTL log to see if it has been shut down cleanly def test_pihole_ftl_clean_shutdown(docker): func = docker.run( """ From 292a6b961c336bf9a16655054c0399f2a05e2c29 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 16 Mar 2024 01:56:35 +0000 Subject: [PATCH 139/175] Update Dockerfile to use a nifty buildkit feature allowing us to either pull FTL from the web, or use a locally built copy. Add a build script for ease of local building (separate from the build-and-test script). Update Readme with build instructions Signed-off-by: Adam Warner --- README.md | 26 ++++++++++++---- build.sh | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++ src/Dockerfile | 45 +++++++++++++++++---------- 3 files changed, 132 insertions(+), 22 deletions(-) create mode 100755 build.sh diff --git a/README.md b/README.md index 5c12981..199ea78 100644 --- a/README.md +++ b/README.md @@ -205,17 +205,31 @@ Why is this style of upgrading good? A couple reasons: Everyone is starting fro To reconfigure Pi-hole you'll either need to use an existing container environment variables or if there is no a variable for what you need, use the web UI or CLI commands. -### Building an image with alternative component branches +### Building the image locally Occasionally you may need to try an alternative branch of one of the components (`core`,`web`,`ftl`). On bare metal you would run, for example, `pihole checkout core custombranchname`, however in Docker world we have disabled this command as it can cause unpredictable results. -The preferred method is to clone this repository and rebuild the image with the custom branch name passed in as an arg, e.g `docker buildx build src/. --tag pihole_custom --build-arg CORE_BRANCH=custombranchname --no-cache`, and then redeploy your stack with this new image (In this case you should have a local image named `pihole_custom`, but you can call it whatever you want) +The preferred method is to clone this repository and build the image locally with `./build.sh` -Valid args are: +#### Usage: +``` +./build.sh [-l] [-f ] [-c ] [-w ] [-t ] [use_cache] +``` -- `CORE_BRANCH` -- `WEB_BRANCH` -- `FTL_BRANCH` +#### Options: + +- `-f ` / `--ftlbranch `: Specify FTL branch (cannot be used in conjunction with `-l`) +- `-c ` / `--corebranch `: Specify Core branch +- `-w ` / `--webbranch `: Specify Web branch +- `-t ` / `--tag `: Specify Docker image tag (default: `pihole`) +- `-l` / `--local`: Use locally built FTL binary (requires `src/pihole-FTL` file) +- `use_cache`: Enable caching (by default `--no-cache` is used) + +If no options are specified, the following command will be executed: + +``` +docker buildx build src/. --tag pihole --no-cache +``` ### Pi-hole features diff --git a/build.sh b/build.sh new file mode 100755 index 0000000..fd8f076 --- /dev/null +++ b/build.sh @@ -0,0 +1,83 @@ +#!/bin/bash + +# Usage function +usage() { + echo "Usage: $0 [-l] [-f ] [-c ] [-w ] [-t ] [use_cache]" + echo "Options:" + echo " -f, --ftlbranch Specify FTL branch (cannot be used in conjunction with -l)" + echo " -c, --corebranch Specify Core branch" + echo " -w, --webbranch Specify Web branch" + echo " -t, --tag Specify Docker image tag (default: pihole)" + echo " -l, --local Use locally built FTL binary (requires src/pihole-FTL file)" + echo " use_cache Enable caching (by default --no-cache is used)" + echo "" + echo "If no options are specified, the following command will be executed:" + echo " docker buildx build src/. --tag pihole --no-cache" + exit 1 +} + +# Set default values +DOCKER_BUILD_CMD="docker buildx build src/. --tag pihole --no-cache" +FTL_FLAG=false + +# Parse command line arguments +while [[ $# -gt 0 ]]; do + key="$1" + + case $key in + -l | --local) + if [ ! -f "src/pihole-FTL" ]; then + echo "File 'src/pihole-FTL' not found. Exiting." + exit 1 + fi + if [ "$FTL_FLAG" = true ]; then + echo "Error: Both -l and -f cannot be used together." + usage + fi + FTL_FLAG=true + DOCKER_BUILD_CMD+=" --build-arg FTL_SOURCE=local" + shift + ;; + -f | --ftlbranch) + if [ "$FTL_FLAG" = true ]; then + echo "Error: Both -l and -f cannot be used together." + usage + fi + FTL_FLAG=true + FTL_BRANCH="$2" + DOCKER_BUILD_CMD+=" --build-arg FTL_BRANCH=$FTL_BRANCH" + shift + shift + ;; + -c | --corebranch) + CORE_BRANCH="$2" + DOCKER_BUILD_CMD+=" --build-arg CORE_BRANCH=$CORE_BRANCH" + shift + shift + ;; + -w | --webbranch) + WEB_BRANCH="$2" + DOCKER_BUILD_CMD+=" --build-arg WEB_BRANCH=$WEB_BRANCH" + shift + shift + ;; + -t | --tag) + TAG="$2" + DOCKER_BUILD_CMD=${DOCKER_BUILD_CMD/pihole/$TAG} + shift + shift + ;; + use_cache) + DOCKER_BUILD_CMD=${DOCKER_BUILD_CMD/--no-cache/} + shift + ;; + *) + echo "Unknown option: $1" + usage + ;; + esac +done + +# Execute the docker build command +echo "Executing command: $DOCKER_BUILD_CMD" +eval $DOCKER_BUILD_CMD diff --git a/src/Dockerfile b/src/Dockerfile index 8fe0a5d..e4ced6b 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -1,6 +1,7 @@ # syntax=docker/dockerfile:1 -ARG alpine_version="3.19" -FROM alpine:${alpine_version} +ARG FTL_SOURCE=remote +ARG alpine_version="3.19" +FROM alpine:${alpine_version} as base # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope ARG TARGETPLATFORM @@ -43,20 +44,7 @@ ADD --chmod=0755 https://raw.githubusercontent.com/pi-hole/PADD/${PADD_BRANCH}/p # download a the main repos from github RUN git clone --depth 1 --single-branch --branch ${WEB_BRANCH} https://github.com/pi-hole/web.git /var/www/html/admin && \ - git clone --depth 1 --single-branch --branch ${CORE_BRANCH} https://github.com/pi-hole/pi-hole.git /etc/.pihole ;\ - # Download the latest version of pihole-FTL for alpine: - if [ "$TARGETPLATFORM" = "linux/amd64" ]; then FTLARCH=amd64; \ - elif [ "$TARGETPLATFORM" = "linux/386" ]; then FTLARCH=386; \ - elif [ "$TARGETPLATFORM" = "linux/arm/v6" ]; then FTLARCH=armv6; \ - elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then FTLARCH=armv7; \ - # Note for the future, "linux/arm6/v8" is not a valid value for TARGETPLATFORM, despite the CI platform name being that. - elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then FTLARCH=arm64; \ - elif [ "$TARGETPLATFORM" = "linux/riscv64" ]; then FTLARCH=riscv64; \ - else FTLARCH=amd64; fi \ - && echo "Arch: ${TARGETPLATFORM}, FTLARCH: ${FTLARCH}" \ - && curl -sSL "https://ftl.pi-hole.net/${FTL_BRANCH}/pihole-FTL-${FTLARCH}" -o /usr/bin/pihole-FTL \ - && chmod +x /usr/bin/pihole-FTL \ - && readelf -h /usr/bin/pihole-FTL || cat /usr/bin/pihole-FTL + git clone --depth 1 --single-branch --branch ${CORE_BRANCH} https://github.com/pi-hole/pi-hole.git /etc/.pihole RUN cd /etc/.pihole && \ install -Dm755 -d /opt/pihole && \ @@ -77,6 +65,31 @@ RUN cd /etc/.pihole && \ COPY --chmod=0755 bash_functions.sh /usr/bin/bash_functions.sh COPY --chmod=0755 start.sh /usr/bin/start.sh +## Buildkit can do some fancy stuff and we can use it to either download FTL from ftl.pi-hole.net or use a local copy + +FROM base as remote-ftl-install +# Default stage if FTL_SOURCE is not explicitly set to "local" +# Download the latest version of pihole-FTL for the correct architecture +RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then FTLARCH=amd64; \ + elif [ "$TARGETPLATFORM" = "linux/386" ]; then FTLARCH=386; \ + elif [ "$TARGETPLATFORM" = "linux/arm/v6" ]; then FTLARCH=armv6; \ + elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then FTLARCH=armv7; \ + # Note for the future, "linux/arm6/v8" is not a valid value for TARGETPLATFORM, despite the CI platform name being that. + elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then FTLARCH=arm64; \ + elif [ "$TARGETPLATFORM" = "linux/riscv64" ]; then FTLARCH=riscv64; \ + else FTLARCH=amd64; fi \ + && echo "Arch: ${TARGETPLATFORM}, FTLARCH: ${FTLARCH}" \ + && curl -sSL "https://ftl.pi-hole.net/${FTL_BRANCH}/pihole-FTL-${FTLARCH}" -o /usr/bin/pihole-FTL \ + && chmod +x /usr/bin/pihole-FTL \ + && readelf -h /usr/bin/pihole-FTL || cat /usr/bin/pihole-FTL + +FROM base as local-ftl-install +# pihole-FTL must be built from source and copied to the build directory first! +COPY --chmod=0755 pihole-FTL /usr/bin/pihole-FTL + +# Use the appropriate FTL Install stage based on the FTL_SOURCE build-arg +FROM ${FTL_SOURCE}-ftl-install as final + HEALTHCHECK CMD dig +short +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1 ENTRYPOINT ["/sbin/tini", "--", "start.sh"] From 1b6469ba747823a918bc7c84ef329c40fbbaa68c Mon Sep 17 00:00:00 2001 From: shamoon <4887959+shamoon@users.noreply.github.com> Date: Thu, 28 Mar 2024 11:40:01 -0700 Subject: [PATCH 140/175] Fix: correct dns upstreams variable name Signed-off-by: shamoon <4887959+shamoon@users.noreply.github.com> --- src/bash_functions.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bash_functions.sh b/src/bash_functions.sh index 48cf90d..814b8e7 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -65,7 +65,7 @@ ensure_basic_configuration() { if [[ $(getFTLConfigValue "dns.upstreams") == "[]" ]]; then echo "" echo " [X] No DNS upstream servers are set!" - echo " [i] Recommended: Set the upstream DNS servers in the environment variable FTLCONF_dns_upstream" + echo " [i] Recommended: Set the upstream DNS servers in the environment variable FTLCONF_dns_upstreams" echo "" exit 1 fi From 2cfebe2cdf33b22e5f47a51b3ac1f5983c56dc4e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 Apr 2024 17:04:40 +0000 Subject: [PATCH 141/175] Bump eps1lon/actions-label-merge-conflict from 2.1.0 to 3.0.0 Bumps [eps1lon/actions-label-merge-conflict](https://github.com/eps1lon/actions-label-merge-conflict) from 2.1.0 to 3.0.0. - [Release notes](https://github.com/eps1lon/actions-label-merge-conflict/releases) - [Changelog](https://github.com/eps1lon/actions-label-merge-conflict/blob/main/CHANGELOG.md) - [Commits](https://github.com/eps1lon/actions-label-merge-conflict/compare/v2.1.0...v3.0.0) --- updated-dependencies: - dependency-name: eps1lon/actions-label-merge-conflict dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/merge-conflict.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/merge-conflict.yml b/.github/workflows/merge-conflict.yml index 424a1c0..89b0398 100644 --- a/.github/workflows/merge-conflict.yml +++ b/.github/workflows/merge-conflict.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check if PRs are have merge conflicts - uses: eps1lon/actions-label-merge-conflict@v2.1.0 + uses: eps1lon/actions-label-merge-conflict@v3.0.0 with: dirtyLabel: "Merge Conflict" repoToken: "${{ secrets.GITHUB_TOKEN }}" From e239b1cae6c0b5c01be4a66f8feb7c92f39e5dad Mon Sep 17 00:00:00 2001 From: Jeff Miller Date: Fri, 19 Apr 2024 16:29:58 -0700 Subject: [PATCH 142/175] Remove obsolete "version" value from example docker-compose.yml in README.md and from examples/docker-compose-caddy-proxy.yml since "Compose doesn't use version to select an exact schema to validate the Compose file, but prefers the most recent schema when it's implemented." See: https://github.com/compose-spec/compose-spec/blob/master/04-version-and-name.md Signed-off-by: Jeff Miller --- README.md | 2 -- examples/docker-compose-caddy-proxy.yml | 2 -- 2 files changed, 4 deletions(-) diff --git a/README.md b/README.md index 199ea78..0954a70 100644 --- a/README.md +++ b/README.md @@ -28,8 +28,6 @@ Using [Docker-compose](https://docs.docker.com/compose/install/): ```yml -version: "3" - # More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/ services: pihole: diff --git a/examples/docker-compose-caddy-proxy.yml b/examples/docker-compose-caddy-proxy.yml index ff4e3f1..0449493 100644 --- a/examples/docker-compose-caddy-proxy.yml +++ b/examples/docker-compose-caddy-proxy.yml @@ -1,5 +1,3 @@ -version: "3" - services: # Caddy example derived from Caddy's own example at https://hub.docker.com/_/caddy From a49600e63d883782be6fab646575a9a447a8d107 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 8 May 2024 21:50:33 +0100 Subject: [PATCH 143/175] Install grep to avoid issues in pihole -w/b with the default busybox grep Signed-off-by: Adam Warner --- src/Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/Dockerfile b/src/Dockerfile index e4ced6b..af4319f 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -21,6 +21,8 @@ RUN apk add --no-cache \ coreutils \ curl \ git \ + # Install grep to avoid issues in pihole -w/b with the default busybox grep + grep \ iproute2-ss \ jq \ libcap \ @@ -34,7 +36,7 @@ RUN apk add --no-cache \ tini \ tzdata \ unzip \ - wget + wget ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db COPY crontab.txt /crontab.txt From 05c305b4af2cd6310a82a1267be92423002cc7b0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 11 May 2024 10:18:26 +0000 Subject: [PATCH 144/175] Bump eps1lon/actions-label-merge-conflict from 3.0.0 to 3.0.1 Bumps [eps1lon/actions-label-merge-conflict](https://github.com/eps1lon/actions-label-merge-conflict) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/eps1lon/actions-label-merge-conflict/releases) - [Changelog](https://github.com/eps1lon/actions-label-merge-conflict/blob/main/CHANGELOG.md) - [Commits](https://github.com/eps1lon/actions-label-merge-conflict/compare/v3.0.0...v3.0.1) --- updated-dependencies: - dependency-name: eps1lon/actions-label-merge-conflict dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/merge-conflict.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/merge-conflict.yml b/.github/workflows/merge-conflict.yml index 89b0398..857aef0 100644 --- a/.github/workflows/merge-conflict.yml +++ b/.github/workflows/merge-conflict.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check if PRs are have merge conflicts - uses: eps1lon/actions-label-merge-conflict@v3.0.0 + uses: eps1lon/actions-label-merge-conflict@v3.0.1 with: dirtyLabel: "Merge Conflict" repoToken: "${{ secrets.GITHUB_TOKEN }}" From fdfc6ce0368fb5504f0b64ee4ea82108f7013f37 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 27 May 2024 18:05:20 +0100 Subject: [PATCH 145/175] Update DOCKER_BUILD_CMD in build.sh to include the "--load" flag Signed-off-by: Adam Warner --- build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.sh b/build.sh index fd8f076..e421bf8 100755 --- a/build.sh +++ b/build.sh @@ -17,7 +17,7 @@ usage() { } # Set default values -DOCKER_BUILD_CMD="docker buildx build src/. --tag pihole --no-cache" +DOCKER_BUILD_CMD="docker buildx build src/. --tag pihole --load --no-cache" FTL_FLAG=false # Parse command line arguments From 4c8066a9e075cf0a08654ce3b66c8cd122541629 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 27 May 2024 22:39:55 +0100 Subject: [PATCH 146/175] Change default value of PIHOLE_DOCKER_TAG in dockerfile Signed-off-by: Adam Warner --- src/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Dockerfile b/src/Dockerfile index af4319f..b542263 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -8,7 +8,7 @@ ARG TARGETPLATFORM ARG WEB_BRANCH="development-v6" ARG CORE_BRANCH="development-v6" ARG FTL_BRANCH="development-v6" -ARG PIHOLE_DOCKER_TAG="unknown" +ARG PIHOLE_DOCKER_TAG="dev-localbuild" ARG PADD_BRANCH="PADD_FTLv6" ENV DNSMASQ_USER=pihole From d7418575e83b744d48c7881743dbed6051a446c6 Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Mon, 27 May 2024 22:09:45 -0300 Subject: [PATCH 147/175] Add forgotten `--load` argument to the help text Signed-off-by: RD WebDesign --- build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.sh b/build.sh index e421bf8..22d7e7c 100755 --- a/build.sh +++ b/build.sh @@ -12,7 +12,7 @@ usage() { echo " use_cache Enable caching (by default --no-cache is used)" echo "" echo "If no options are specified, the following command will be executed:" - echo " docker buildx build src/. --tag pihole --no-cache" + echo " docker buildx build src/. --tag pihole --load --no-cache" exit 1 } From 42fab8748b57388cdcafd08efad0d021d874e1f3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Jun 2024 10:35:42 +0000 Subject: [PATCH 148/175] Bump eps1lon/actions-label-merge-conflict from 3.0.1 to 3.0.2 Bumps [eps1lon/actions-label-merge-conflict](https://github.com/eps1lon/actions-label-merge-conflict) from 3.0.1 to 3.0.2. - [Release notes](https://github.com/eps1lon/actions-label-merge-conflict/releases) - [Changelog](https://github.com/eps1lon/actions-label-merge-conflict/blob/main/CHANGELOG.md) - [Commits](https://github.com/eps1lon/actions-label-merge-conflict/compare/v3.0.1...v3.0.2) --- updated-dependencies: - dependency-name: eps1lon/actions-label-merge-conflict dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/merge-conflict.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/merge-conflict.yml b/.github/workflows/merge-conflict.yml index 857aef0..c24de2c 100644 --- a/.github/workflows/merge-conflict.yml +++ b/.github/workflows/merge-conflict.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check if PRs are have merge conflicts - uses: eps1lon/actions-label-merge-conflict@v3.0.1 + uses: eps1lon/actions-label-merge-conflict@v3.0.2 with: dirtyLabel: "Merge Conflict" repoToken: "${{ secrets.GITHUB_TOKEN }}" From 259e3bd7555669d189193b10a956fc4841b22dcf Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 2 Jun 2024 15:23:04 +0100 Subject: [PATCH 149/175] Remove no-longer-existing env variable from Advanced Variables section Signed-off-by: Adam Warner --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 0954a70..3ef97b6 100644 --- a/README.md +++ b/README.md @@ -110,7 +110,6 @@ To explicitly set no password, set `FTLCONF_webserver_api_password: ''` | Variable | Default | Value | Description | | -------- | ------- | ----- | ---------- | | `FTL_CMD` | `no-daemon` | `no-daemon -- ` | Customize the options with which dnsmasq gets started. e.g. `no-daemon -- --dns-forward-max 300` to increase max. number of concurrent dns queries on high load setups. | -| `FTLCONF_ENV_ONLY`|unset|``|If set to true, FTL will use default values for all config values unless explicitly set as an environment variable| | `DNSMASQ_USER` | unset | `` | Allows changing the user that FTLDNS runs as. Default: `pihole`, some systems such as Synology NAS may require you to change this to `root` (See [#963](https://github.com/pi-hole/docker-pi-hole/issues/963)) | | `ADDITIONAL_PACKAGES`| unset | Space separated list of APKs | HERE BE DRAGONS. Mostly for development purposes, this just makes it easier for those of us that always like to have whatever additional tools we need inside the container for debugging | From d44789054ce847c42e068caac0abea72f8a4ff60 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 2 Jun 2024 15:24:55 +0100 Subject: [PATCH 150/175] Add note about FTL reverting to default if env var is unset Signed-off-by: Adam Warner --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3ef97b6..dc41fc4 100644 --- a/README.md +++ b/README.md @@ -80,7 +80,7 @@ There are multiple different ways to run DHCP from within your Docker Pi-hole co It is recommended that you use environment variables to configure the Pi-hole docker container (more details below), however if you are persisting your `/etc/pihole` directory, you may choose instead to set them via the web interface or by directly editing `pihole.toml`. -**Please Note**: Settings that are set via environment variables effectively become read-only, meaning that you will not be able to change them in the web interface or CLI. This is to ensure a "single source of truth" on the config. +**Please Note**: Settings that are set via environment variables effectively become read-only, meaning that you will not be able to change them in the web interface or CLI. This is to ensure a "single source of truth" on the config. If you later unset an environment variable, then FTL will revert to the default value for that setting. ### Web interface password From f34c9c8c45ddc8adf71193614cbd7343d25f0829 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 5 Jun 2024 21:03:40 +0100 Subject: [PATCH 151/175] Update DNS upstream servers in quick start compose example to use semicolon as separator Signed-off-by: Adam Warner --- README.md | 2 +- examples/docker-compose-caddy-proxy.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index dc41fc4..c6ca1a1 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ services: # Set a password to access the web interface. Not setting one will result in a random password being assigned FTLCONF_webserver_api_password: 'correct horse battery staple' # Configure DNS upstream servers, e.g: - FTLCONF_dns_upstreams: '8.8.8.8, 8.8.4.4' + FTLCONF_dns_upstreams: '8.8.8.8;8.8.4.4' # Volumes store your data between container upgrades volumes: # For persisting Pi-hole's databases and common configuration file diff --git a/examples/docker-compose-caddy-proxy.yml b/examples/docker-compose-caddy-proxy.yml index 0449493..49e6fde 100644 --- a/examples/docker-compose-caddy-proxy.yml +++ b/examples/docker-compose-caddy-proxy.yml @@ -37,7 +37,7 @@ services: # Set a password to access the web interface. Not setting one will result in a random password being assigned FTLCONF_webserver_api_password: 'correct horse battery staple' # Configure DNS upstream servers, e.g: - FTLCONF_dns_upstreams: '8.8.8.8, 8.8.4.4' + FTLCONF_dns_upstreams: '8.8.8.8;8.8.4.4' # Volumes store your data between container upgrades volumes: # For persisting Pi-hole's databases and common configuration file From 63f36bfdd5cd77171d1c9325014cf0a3990fb040 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 8 Jun 2024 11:04:52 +0200 Subject: [PATCH 152/175] Add CAP_SYS_TIME in the container if available Signed-off-by: DL6ER --- README.md | 1 + src/bash_functions.sh | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index c6ca1a1..85a6eeb 100644 --- a/README.md +++ b/README.md @@ -251,6 +251,7 @@ The webserver and DNS service inside the container can be customized if necessar - `CAP_NET_ADMIN`: modify routing tables and other network-related operations (in particular inserting an entry in the neighbor table to answer DHCP requests using unicast packets) - `CAP_SYS_NICE`: FTL sets itself as an important process to get some more processing time if the latter is running low - `CAP_CHOWN`: we need to be able to change ownership of log files and databases in case FTL is started as a different user than `pihole` +- `CAP_SYS_TIME`: FTL needs to be able to set the system time to update it using the Network Time Protocol (NTP) in the background This image automatically grants those capabilities, if available, to the FTLDNS process, even when run as non-root.\ By default, docker does not include the `NET_ADMIN` capability for non-privileged containers, and it is recommended to explicitly add it to the container using `--cap-add=NET_ADMIN`.\ diff --git a/src/bash_functions.sh b/src/bash_functions.sh index 814b8e7..a455e1a 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -112,6 +112,7 @@ fix_capabilities() { capsh --has-p=cap_net_raw 2>/dev/null && CAP_STR+=',CAP_NET_RAW' capsh --has-p=cap_net_admin 2>/dev/null && CAP_STR+=',CAP_NET_ADMIN' || DHCP_READY='false' capsh --has-p=cap_sys_nice 2>/dev/null && CAP_STR+=',CAP_SYS_NICE' + capsh --has-p=cap_sys_time 2>/dev/null && CAP_STR+=',CAP_SYS_TIME' if [[ ${CAP_STR} ]]; then # We have the (some of) the above caps available to us - apply them to pihole-FTL From ecdaa430335b0f39b7a9cedc390605534978f8d6 Mon Sep 17 00:00:00 2001 From: alexis-opolka <53085471+alexis-opolka@users.noreply.github.com> Date: Wed, 12 Jun 2024 03:25:36 +0200 Subject: [PATCH 153/175] Update github user reference Signed-off-by: alexis-opolka <53085471+alexis-opolka@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 85a6eeb..2cd2b21 100644 --- a/README.md +++ b/README.md @@ -164,7 +164,7 @@ Users of older Ubuntu releases (circa 17.04) will need to disable dnsmasq. ## Installing on Dokku -@Rikj000 has produced a guide to assist users [installing Pi-hole on Dokku](https://github.com/Rikj000/Pihole-Dokku-Installation) +[@Rikj000](https://github.com/Rikj000/) has produced a guide to assist users [installing Pi-hole on Dokku](https://github.com/Rikj000/Pihole-Dokku-Installation) ## Docker tags and versioning From f9dd3dfa1dce4145be902dd6d0b405949c92330c Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 22 Jun 2024 12:21:28 +0100 Subject: [PATCH 154/175] Add PADD branch switch to build script. Fix casing of as->AS in Dockerfile to silence a warning about casing Signed-off-by: Adam Warner --- build.sh | 7 +++++++ src/Dockerfile | 8 ++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/build.sh b/build.sh index 22d7e7c..61f4a58 100755 --- a/build.sh +++ b/build.sh @@ -7,6 +7,7 @@ usage() { echo " -f, --ftlbranch Specify FTL branch (cannot be used in conjunction with -l)" echo " -c, --corebranch Specify Core branch" echo " -w, --webbranch Specify Web branch" + echo " -p, --paddbranch Specify PADD branch" echo " -t, --tag Specify Docker image tag (default: pihole)" echo " -l, --local Use locally built FTL binary (requires src/pihole-FTL file)" echo " use_cache Enable caching (by default --no-cache is used)" @@ -61,6 +62,12 @@ while [[ $# -gt 0 ]]; do shift shift ;; + -p | --paddbranch) + PADD_BRANCH="$2" + DOCKER_BUILD_CMD+=" --build-arg PADD_BRANCH=$PADD_BRANCH" + shift + shift + ;; -t | --tag) TAG="$2" DOCKER_BUILD_CMD=${DOCKER_BUILD_CMD/pihole/$TAG} diff --git a/src/Dockerfile b/src/Dockerfile index b542263..939be15 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 ARG FTL_SOURCE=remote ARG alpine_version="3.19" -FROM alpine:${alpine_version} as base +FROM alpine:${alpine_version} AS base # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope ARG TARGETPLATFORM @@ -69,7 +69,7 @@ COPY --chmod=0755 start.sh /usr/bin/start.sh ## Buildkit can do some fancy stuff and we can use it to either download FTL from ftl.pi-hole.net or use a local copy -FROM base as remote-ftl-install +FROM base AS remote-ftl-install # Default stage if FTL_SOURCE is not explicitly set to "local" # Download the latest version of pihole-FTL for the correct architecture RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then FTLARCH=amd64; \ @@ -85,12 +85,12 @@ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then FTLARCH=amd64; \ && chmod +x /usr/bin/pihole-FTL \ && readelf -h /usr/bin/pihole-FTL || cat /usr/bin/pihole-FTL -FROM base as local-ftl-install +FROM base AS local-ftl-install # pihole-FTL must be built from source and copied to the build directory first! COPY --chmod=0755 pihole-FTL /usr/bin/pihole-FTL # Use the appropriate FTL Install stage based on the FTL_SOURCE build-arg -FROM ${FTL_SOURCE}-ftl-install as final +FROM ${FTL_SOURCE}-ftl-install AS final HEALTHCHECK CMD dig +short +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1 From 425ecb39b83a54eee3121b42eb091adbcd09d8f8 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 22 Jun 2024 12:31:15 +0100 Subject: [PATCH 155/175] Not sure how this ever worked, or why it has suddenly started causing issues if it did work. Remove trailing `.` from the pytest version in requirements.txt Signed-off-by: Adam Warner --- .github/workflows/build-and-test.yml | 4 ++-- test/requirements.txt | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index e5f2041..598f908 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -19,7 +19,7 @@ jobs: - name: Set up QEMU uses: docker/setup-qemu-action@v3 with: - platforms: ${{ matrix.platform}} + platforms: ${{ matrix.platform }} - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -27,4 +27,4 @@ jobs: - name: Run Tests run: | echo "Building image to test" - PLATFORM=${{ matrix.platform}} ./build-and-test.sh \ No newline at end of file + PLATFORM=${{ matrix.platform }} ./build-and-test.sh \ No newline at end of file diff --git a/test/requirements.txt b/test/requirements.txt index e41b194..6782a06 100644 --- a/test/requirements.txt +++ b/test/requirements.txt @@ -1,4 +1,4 @@ -pytest == 7.4. +pytest == 7.4 pytest-xdist == 3.5.0 pytest-testinfra == 10.0.0 black == 23.12.0 From 20145db333f05fa92bd01715cb53f886899a7f8a Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sat, 22 Jun 2024 12:44:12 +0100 Subject: [PATCH 156/175] silende JSONArgsRecommended warning in test build Signed-off-by: Adam Warner --- test/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/Dockerfile b/test/Dockerfile index 2380232..da65f29 100644 --- a/test/Dockerfile +++ b/test/Dockerfile @@ -18,5 +18,5 @@ RUN apk add --no-cache \ # Tests fall over without it. Investigate later. && sed -i 's|/bin/sh|/bin/bash|g' /usr/lib/python3.11/site-packages/testinfra/backend/docker.py -ENTRYPOINT entrypoint.sh -CMD cmd.sh +ENTRYPOINT ["/bin/sh","-c","entrypoint.sh"] +CMD ["/bin/sh","-c","cmd.sh"] From d28c37e1e50ff54d2764e021f27cfcf5690e9e70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 24 Jun 2024 18:17:24 +0200 Subject: [PATCH 157/175] Remove entrypoint.sh as it is not needed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- build-and-test.sh | 5 +++-- test/Dockerfile | 5 ++--- test/entrypoint.sh | 1 - 3 files changed, 5 insertions(+), 6 deletions(-) delete mode 100644 test/entrypoint.sh diff --git a/build-and-test.sh b/build-and-test.sh index 3c34bbd..c56b0c8 100755 --- a/build-and-test.sh +++ b/build-and-test.sh @@ -2,7 +2,8 @@ set -ex if [[ "$1" == "enter" ]]; then - enter="-it --entrypoint=sh" + enter="-it" + cmd="sh" fi GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD | sed "s/\//-/g") @@ -20,4 +21,4 @@ docker run --rm \ --env GIT_TAG="${GIT_TAG}" \ --env PY_COLORS=1 \ --env TARGETPLATFORM="${PLATFORM}" \ - ${enter} image_pipenv + ${enter} image_pipenv ${cmd} diff --git a/test/Dockerfile b/test/Dockerfile index da65f29..fa2ceb9 100644 --- a/test/Dockerfile +++ b/test/Dockerfile @@ -4,7 +4,6 @@ ARG docker_version="25.0.4" FROM docker:${docker_version}-cli-alpine${alpine_version} COPY --chmod=0755 ./cmd.sh /usr/local/bin/cmd.sh -COPY --chmod=0755 ./entrypoint.sh /usr/local/bin/entrypoint.sh COPY requirements.txt /root/ WORKDIR /root @@ -18,5 +17,5 @@ RUN apk add --no-cache \ # Tests fall over without it. Investigate later. && sed -i 's|/bin/sh|/bin/bash|g' /usr/lib/python3.11/site-packages/testinfra/backend/docker.py -ENTRYPOINT ["/bin/sh","-c","entrypoint.sh"] -CMD ["/bin/sh","-c","cmd.sh"] +SHELL ["/bin/sh", "-c"] +CMD ["cmd.sh"] diff --git a/test/entrypoint.sh b/test/entrypoint.sh deleted file mode 100644 index dce4fc1..0000000 --- a/test/entrypoint.sh +++ /dev/null @@ -1 +0,0 @@ -set -ex && cmd.sh \ No newline at end of file From f610db6d0c512e244018bdb5f694a8c6114369fb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 18:08:50 +0000 Subject: [PATCH 158/175] Bump docker/build-push-action from 5 to 6 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v5...v6) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-and-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index b4e3401..28434cb 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -62,7 +62,7 @@ jobs: - name: Build container and push by digest id: build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: ./src/ platforms: ${{ matrix.platform }} From a7565e2b23b70357fb6fc47e0bd4d877435f292e Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 30 Jun 2024 21:14:45 +0100 Subject: [PATCH 159/175] Default upstream DNS to Google and remove the mention of the environment variable from the quickstart compose file. Signed-off-by: Adam Warner --- README.md | 4 +--- examples/docker-compose-caddy-proxy.yml | 4 +--- src/bash_functions.sh | 9 +++------ 3 files changed, 5 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 2cd2b21..b1b6aa8 100644 --- a/README.md +++ b/README.md @@ -47,9 +47,7 @@ services: # Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g: TZ: 'Europe/London' # Set a password to access the web interface. Not setting one will result in a random password being assigned - FTLCONF_webserver_api_password: 'correct horse battery staple' - # Configure DNS upstream servers, e.g: - FTLCONF_dns_upstreams: '8.8.8.8;8.8.4.4' + FTLCONF_webserver_api_password: 'correct horse battery staple' # Volumes store your data between container upgrades volumes: # For persisting Pi-hole's databases and common configuration file diff --git a/examples/docker-compose-caddy-proxy.yml b/examples/docker-compose-caddy-proxy.yml index 49e6fde..28e7d11 100644 --- a/examples/docker-compose-caddy-proxy.yml +++ b/examples/docker-compose-caddy-proxy.yml @@ -35,9 +35,7 @@ services: # Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g: TZ: 'Europe/London' # Set a password to access the web interface. Not setting one will result in a random password being assigned - FTLCONF_webserver_api_password: 'correct horse battery staple' - # Configure DNS upstream servers, e.g: - FTLCONF_dns_upstreams: '8.8.8.8;8.8.4.4' + FTLCONF_webserver_api_password: 'correct horse battery staple' # Volumes store your data between container upgrades volumes: # For persisting Pi-hole's databases and common configuration file diff --git a/src/bash_functions.sh b/src/bash_functions.sh index a455e1a..d732199 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -62,12 +62,9 @@ ensure_basic_configuration() { fi # If getFTLConfigValue "dns.upstreams" returns [], exit the container. We need upstream servers to function! - if [[ $(getFTLConfigValue "dns.upstreams") == "[]" ]]; then - echo "" - echo " [X] No DNS upstream servers are set!" - echo " [i] Recommended: Set the upstream DNS servers in the environment variable FTLCONF_dns_upstreams" - echo "" - exit 1 + if [[ $(getFTLConfigValue "dns.upstreams") == "[]" ]]; then + echo " [i] No DNS upstream set in environment or config file, defaulting to Google DNS" + setFTLConfigValue "dns.upstreams" "[\"8.8.8.8\", \"8.8.4.4\"]" fi setup_web_password From 99f459e30fe8a9fd8a8b40e99f3a41814d7a1078 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 30 Jun 2024 23:30:22 +0200 Subject: [PATCH 160/175] Using grep instead of tailing FTL.log as func.stdout only captures a few lines MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- test/tests/test_general.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/tests/test_general.py b/test/tests/test_general.py index 78f1604..1da0579 100644 --- a/test/tests/test_general.py +++ b/test/tests/test_general.py @@ -14,14 +14,14 @@ def test_pihole_gid_env_var(docker): # Wait 5 seconds for startup, then kill the start.sh script -# Finally, tail the FTL log to see if it has been shut down cleanly +# Finally, grep the FTL log to see if it has been shut down cleanly def test_pihole_ftl_clean_shutdown(docker): func = docker.run( """ sleep 5 killall --signal 15 start.sh sleep 5 - tail -f /var/log/pihole-FTL.log + grep 'jmpret\|terminated' /var/log/pihole/FTL.log """ ) assert "INFO: Shutting down... // exit code 0 // jmpret 0" in func.stdout From 2922fbdc428c7e9b80190f7841c68d33b8c28d6d Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 2 Jul 2024 20:02:15 +0100 Subject: [PATCH 161/175] Update src/bash_functions.sh Co-authored-by: yubiuser Signed-off-by: Adam Warner --- src/bash_functions.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bash_functions.sh b/src/bash_functions.sh index d732199..cc4f1c8 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -61,7 +61,7 @@ ensure_basic_configuration() { chown pihole:pihole /macvendor.db fi - # If getFTLConfigValue "dns.upstreams" returns [], exit the container. We need upstream servers to function! + # If getFTLConfigValue "dns.upstreams" returns [], default to Google's DNS server if [[ $(getFTLConfigValue "dns.upstreams") == "[]" ]]; then echo " [i] No DNS upstream set in environment or config file, defaulting to Google DNS" setFTLConfigValue "dns.upstreams" "[\"8.8.8.8\", \"8.8.4.4\"]" From 80bea32740e661286c20b4221945ac24ea3af6fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 1 Jul 2024 21:00:20 +0200 Subject: [PATCH 162/175] Add pytest-clarity to test environment to improve error log output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- test/requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/test/requirements.txt b/test/requirements.txt index 6782a06..67aaf74 100644 --- a/test/requirements.txt +++ b/test/requirements.txt @@ -2,3 +2,4 @@ pytest == 7.4 pytest-xdist == 3.5.0 pytest-testinfra == 10.0.0 black == 23.12.0 +pytest-clarity == 1.0.1 From c26e71edfd712b3d5cf3afbcfff9539ea962066c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 2 Jul 2024 08:20:47 +0200 Subject: [PATCH 163/175] Set column width to 120 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- test/cmd.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/cmd.sh b/test/cmd.sh index 6324a36..ef40a29 100755 --- a/test/cmd.sh +++ b/test/cmd.sh @@ -8,4 +8,4 @@ docker images pihole:${GIT_TAG} python -m black ./test/tests/ # TODO: Add junitxml output and have something consume it -py.test -vv -n auto ./test/tests/ +COLUMNS=120 py.test -vv -n auto ./test/tests/ From 1c6c1b307562fb8fd3a0d9c85a7bd93231ddf3cf Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Tue, 6 Aug 2024 12:33:43 +0100 Subject: [PATCH 164/175] bump alpine to 3.20 Signed-off-by: Adam Warner --- src/Dockerfile | 2 +- test/Dockerfile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index 939be15..c68d6b4 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 ARG FTL_SOURCE=remote -ARG alpine_version="3.19" +ARG alpine_version="3.20" FROM alpine:${alpine_version} AS base # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope diff --git a/test/Dockerfile b/test/Dockerfile index fa2ceb9..601505d 100644 --- a/test/Dockerfile +++ b/test/Dockerfile @@ -1,5 +1,5 @@ -ARG alpine_version="3.19" -ARG docker_version="25.0.4" +ARG alpine_version="3.20" +ARG docker_version="27.1.1" FROM docker:${docker_version}-cli-alpine${alpine_version} From c0d822f35e5e927a591acb21ce2d933de27da745 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Wed, 7 Aug 2024 21:45:19 +0200 Subject: [PATCH 165/175] Fix tests Signed-off-by: yubiuser --- test/Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/test/Dockerfile b/test/Dockerfile index 601505d..b0b2b5a 100644 --- a/test/Dockerfile +++ b/test/Dockerfile @@ -13,9 +13,8 @@ RUN apk add --no-cache \ curl \ && pip3 install --break-system-packages --no-cache-dir -U pip \ && pip3 install --break-system-packages --no-cache-dir -r requirements.txt \ - # Not 100% sure what this line does, but it's always been in the Dockerfile (aside from pointing at a different file) - # Tests fall over without it. Investigate later. - && sed -i 's|/bin/sh|/bin/bash|g' /usr/lib/python3.11/site-packages/testinfra/backend/docker.py + # Replace hardcoded /bin/sh with /bin/bash in testinfra docker backend + && sed -i 's|/bin/sh|/bin/bash|g' /usr/lib/python3.12/site-packages/testinfra/backend/docker.py SHELL ["/bin/sh", "-c"] CMD ["cmd.sh"] From 953cee40193ea8a33d26d00e462e683e12e276bc Mon Sep 17 00:00:00 2001 From: yubiuser Date: Fri, 9 Aug 2024 12:21:08 +0200 Subject: [PATCH 166/175] No need to remember to update the python version Signed-off-by: yubiuser --- test/Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/Dockerfile b/test/Dockerfile index b0b2b5a..ad198e7 100644 --- a/test/Dockerfile +++ b/test/Dockerfile @@ -14,7 +14,9 @@ RUN apk add --no-cache \ && pip3 install --break-system-packages --no-cache-dir -U pip \ && pip3 install --break-system-packages --no-cache-dir -r requirements.txt \ # Replace hardcoded /bin/sh with /bin/bash in testinfra docker backend - && sed -i 's|/bin/sh|/bin/bash|g' /usr/lib/python3.12/site-packages/testinfra/backend/docker.py + # see https://github.com/pytest-dev/pytest-testinfra/issues/582 and similar issues + && pythonversion=$(python3 -c 'import sys; print(".".join(map(str, sys.version_info[:2])))') \ + && sed -i 's|/bin/sh|/bin/bash|g' /usr/lib/python${pythonversion}/site-packages/testinfra/backend/docker.py SHELL ["/bin/sh", "-c"] CMD ["cmd.sh"] From 353094cf4320e9f6759f7a7f20e0ae3d60ca9ca3 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Wed, 14 Aug 2024 17:57:05 +0100 Subject: [PATCH 167/175] correct directory for local FTL binary Signed-off-by: Adam Warner --- src/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Dockerfile b/src/Dockerfile index c68d6b4..373f782 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -86,7 +86,7 @@ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then FTLARCH=amd64; \ && readelf -h /usr/bin/pihole-FTL || cat /usr/bin/pihole-FTL FROM base AS local-ftl-install -# pihole-FTL must be built from source and copied to the build directory first! +# pihole-FTL must be built from source and copied to the src directory first! COPY --chmod=0755 pihole-FTL /usr/bin/pihole-FTL # Use the appropriate FTL Install stage based on the FTL_SOURCE build-arg From c0fa8de914a6cf8996dd40f68c6c099e5f422991 Mon Sep 17 00:00:00 2001 From: yubiuser Date: Sun, 25 Aug 2024 11:51:13 +0200 Subject: [PATCH 168/175] Set default tag for locally build images to pihole:local Signed-off-by: yubiuser --- build.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/build.sh b/build.sh index 61f4a58..eafbf95 100755 --- a/build.sh +++ b/build.sh @@ -8,17 +8,17 @@ usage() { echo " -c, --corebranch Specify Core branch" echo " -w, --webbranch Specify Web branch" echo " -p, --paddbranch Specify PADD branch" - echo " -t, --tag Specify Docker image tag (default: pihole)" + echo " -t, --tag Specify Docker image tag (default: pihole:local)" echo " -l, --local Use locally built FTL binary (requires src/pihole-FTL file)" echo " use_cache Enable caching (by default --no-cache is used)" echo "" echo "If no options are specified, the following command will be executed:" - echo " docker buildx build src/. --tag pihole --load --no-cache" + echo " docker buildx build src/. --tag pihole:local --load --no-cache" exit 1 } # Set default values -DOCKER_BUILD_CMD="docker buildx build src/. --tag pihole --load --no-cache" +DOCKER_BUILD_CMD="docker buildx build src/. --tag pihole:local --load --no-cache" FTL_FLAG=false # Parse command line arguments @@ -70,7 +70,7 @@ while [[ $# -gt 0 ]]; do ;; -t | --tag) TAG="$2" - DOCKER_BUILD_CMD=${DOCKER_BUILD_CMD/pihole/$TAG} + DOCKER_BUILD_CMD=${DOCKER_BUILD_CMD/pihole:local/$TAG} shift shift ;; From 794ba9a552be39b0595a7647ae159d5b71f71887 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 25 Aug 2024 13:45:08 +0100 Subject: [PATCH 169/175] Update Readme to reflect new local image tag name Signed-off-by: Adam Warner --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2bf4d5e..5167a68 100644 --- a/README.md +++ b/README.md @@ -216,14 +216,14 @@ The preferred method is to clone this repository and build the image locally wit - `-f ` / `--ftlbranch `: Specify FTL branch (cannot be used in conjunction with `-l`) - `-c ` / `--corebranch `: Specify Core branch - `-w ` / `--webbranch `: Specify Web branch -- `-t ` / `--tag `: Specify Docker image tag (default: `pihole`) +- `-t ` / `--tag `: Specify Docker image tag (default: `pihole:local`) - `-l` / `--local`: Use locally built FTL binary (requires `src/pihole-FTL` file) - `use_cache`: Enable caching (by default `--no-cache` is used) If no options are specified, the following command will be executed: ``` -docker buildx build src/. --tag pihole --no-cache +docker buildx build src/. --tag pihole:local --no-cache ``` ### Pi-hole features From 5a9e67025b0c0799460ed85250fe5ae50801f238 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Sun, 25 Aug 2024 18:35:57 +0100 Subject: [PATCH 170/175] * Clean up some of the output for the container startup * Only start tailing pihole-FTL log from most recent pihole-FTL start * If v5 config files are detected, but no v6 files are, then we must defer some of the configuration until after FTL has migrated the files * move some of the logic from start into bash_functions to make it easier to follow the start Signed-off-by: Adam Warner --- src/bash_functions.sh | 141 ++++++++++++++++++++++++++++++++++++------ src/start.sh | 113 +++++++++++++-------------------- 2 files changed, 165 insertions(+), 89 deletions(-) diff --git a/src/bash_functions.sh b/src/bash_functions.sh index cc4f1c8..6936008 100644 --- a/src/bash_functions.sh +++ b/src/bash_functions.sh @@ -28,31 +28,108 @@ setFTLConfigValue() { pihole-FTL --config "${1}" "${2}" >/dev/null } -# shellcheck disable=SC2034 -ensure_basic_configuration() { - # Force a check of pihole-FTL --config, this will read any environment variables and set them in the config file - # suppress the output as we don't need to see the default values. - getFTLConfigValue >/dev/null +set_uid_gid() { + echo " [i] Setting up user & group for the pihole user" + + currentUid=$(id -u pihole) + + # If PIHOLE_UID is set, modify the pihole group's id to match + if [ -n "${PIHOLE_UID}" ]; then + if [[ ${currentUid} -ne ${PIHOLE_UID} ]]; then + echo " [i] Changing ID for user: pihole (${currentUid} => ${PIHOLE_UID})" + usermod -o -u ${PIHOLE_UID} pihole + else + echo " [i] ID for user pihole is already ${PIHOLE_UID}, no need to change" + fi + else + echo " [i] PIHOLE_UID not set in environment, using default (${currentUid})" + fi + + currentGid=$(id -g pihole) + + # If PIHOLE_GID is set, modify the pihole group's id to match + if [ -n "${PIHOLE_GID}" ]; then + if [[ ${currentGid} -ne ${PIHOLE_GID} ]]; then + echo " [i] Changing ID for group: pihole (${currentGid} => ${PIHOLE_GID})" + groupmod -o -g ${PIHOLE_GID} pihole + else + echo " [i] ID for group pihole is already ${PIHOLE_GID}, no need to change" + fi + else + echo " [i] PIHOLE_GID not set in environment, using default (${currentGid})" + fi echo "" - echo " [i] Ensuring basic configuration by re-running select functions from basic-install.sh" +} - mkdir -p /var/run/pihole /var/log/pihole - touch /var/log/pihole/FTL.log /var/log/pihole/pihole.log - chown -R pihole:pihole /var/run/pihole /var/log/pihole +install_additional_packages() { + if [ -n "${ADDITIONAL_PACKAGES}" ]; then + echo " [i] Additional packages requested: ${ADDITIONAL_PACKAGES}" + echo " [i] Fetching APK repository metadata." + if ! apk update; then + echo " [i] Failed to fetch APK repository metadata." + else + echo " [i] Installing additional packages: ${ADDITIONAL_PACKAGES}." + # shellcheck disable=SC2086 + if ! apk add --no-cache ${ADDITIONAL_PACKAGES}; then + echo " [i] Failed to install additional packages." + fi + fi + echo "" + fi +} + +start_cron() { + echo " [i] Starting crond for scheduled scripts. Randomizing times for gravity and update checker" + # Randomize gravity update time + sed -i "s/59 1 /$((1 + RANDOM % 58)) $((3 + RANDOM % 2))/" /crontab.txt + # Randomize update checker time + sed -i "s/59 17/$((1 + RANDOM % 58)) $((12 + RANDOM % 8))/" /crontab.txt + /usr/bin/crontab /crontab.txt + + /usr/sbin/crond + echo "" +} + +install_logrotate() { + # Install the logrotate config file - this is done already in Dockerfile + # but if a user has mounted a volume over /etc/pihole, it will have been lost + # pihole-FTL-prestart.sh will set the ownership of the file to root:root + echo " [i] Ensuring logrotate script exists in /etc/pihole" + install -Dm644 -t /etc/pihole /etc/.pihole/advanced/Templates/logrotate + echo "" +} + +migrate_gravity() { + echo " [i] Gravity migration checks" + gravityDBfile=$(getFTLConfigValue files.gravity) if [[ -z "${PYTEST}" ]]; then if [[ ! -f /etc/pihole/adlists.list ]]; then + echo " [i] No adlist file found, creating one with a default blocklist" echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" >/etc/pihole/adlists.list fi fi - chown -R pihole:pihole /etc/pihole + if [ ! -f "${gravityDBfile}" ]; then + echo " [i] ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate." + echo " [i] Gravity will now be run to create the database" + pihole -g + else + echo " [i] Existing gravity database found" + # source the migration script and run the upgrade function + source /etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh + upgrade_gravityDB "${gravityDBfile}" "/etc/pihole" + fi + echo "" +} - # Install the logrotate config file - this is done already in Dockerfile - # but if a user has mounted a volume over /etc/pihole, it will have been lost - # pihole-FTL-prestart.sh will set the ownership of the file to root:root - install -Dm644 -t /etc/pihole /etc/.pihole/advanced/Templates/logrotate +# shellcheck disable=SC2034 +ftl_config() { + + # Force a check of pihole-FTL --config, this will read any environment variables and set them in the config file + # suppress the output as we don't need to see the default values. + getFTLConfigValue >/dev/null # If FTLCONF_files_macvendor is not set if [[ -z "${FTLCONF_files_macvendor:-}" ]]; then @@ -62,9 +139,9 @@ ensure_basic_configuration() { fi # If getFTLConfigValue "dns.upstreams" returns [], default to Google's DNS server - if [[ $(getFTLConfigValue "dns.upstreams") == "[]" ]]; then - echo " [i] No DNS upstream set in environment or config file, defaulting to Google DNS" - setFTLConfigValue "dns.upstreams" "[\"8.8.8.8\", \"8.8.4.4\"]" + if [[ $(getFTLConfigValue "dns.upstreams") == "[]" ]]; then + echo " [i] No DNS upstream set in environment or config file, defaulting to Google DNS" + setFTLConfigValue "dns.upstreams" "[\"8.8.8.8\", \"8.8.4.4\"]" fi setup_web_password @@ -74,7 +151,7 @@ setup_web_password() { # If FTLCONF_webserver_api_password is not set if [ -z "${FTLCONF_webserver_api_password+x}" ]; then # Is this already set to something other than blank (default) in FTL's config file? (maybe in a volume mount) - if [[ $(pihole-FTL --config webserver.api.pwhash) = \$BALLOON-SHA256* ]]; then + if [[ $(pihole-FTL --config webserver.api.pwhash) ]]; then echo " [i] Password already set in config file" return else @@ -99,6 +176,34 @@ setup_web_password() { fi } +start_ftl() { + + echo " [i] pihole-FTL pre-start checks" + echo "" + + # Remove possible leftovers from previous pihole-FTL processes + rm -f /dev/shm/FTL-* 2>/dev/null + rm -f /run/pihole/FTL.sock + + # Is /var/run/pihole used anymore? Or is this just a hangover from old container version + # /var/log sorted by running pihole-FTL-prestart.sh + # mkdir -p /var/run/pihole /var/log/pihole + # touch /var/log/pihole/FTL.log /var/log/pihole/pihole.log + # chown -R pihole:pihole /var/run/pihole /var/log/pihole /etc/pihole + + fix_capabilities + sh /opt/pihole/pihole-FTL-prestart.sh + + echo " [i] Starting pihole-FTL ($FTL_CMD) as ${DNSMASQ_USER}" + capsh --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null" & + echo "" + + # Notes on above: + # - DNSMASQ_USER default of pihole is in Dockerfile & can be overwritten by runtime container env + # - /var/log/pihole/pihole*.log has FTL's output that no-daemon would normally print in FG too + # prevent duplicating it in docker logs by sending to dev null +} + fix_capabilities() { # Testing on Docker 20.10.14 with no caps set shows the following caps available to the container: # Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep diff --git a/src/start.sh b/src/start.sh index 71ad54d..4f4eea0 100644 --- a/src/start.sh +++ b/src/start.sh @@ -8,107 +8,78 @@ trap stop TERM INT QUIT HUP ERR start() { + local v5_volume=0 + + # If the file /etc/pihole/setupVars.conf exists, but /etc/pihole/pihole.toml does not, then we are migrating v5->v6 + # FTL Will handle the migration of the config files + if [[ -f /etc/pihole/setupVars.conf && ! -f /etc/pihole/pihole.toml ]]; then + echo " [i] v5 files detected that have not yet been migrated to v6" + echo " [i] Deferring additional configuration until after FTL has started" + echo " [i] Note: It is normal to see \"Config file /etc/pihole/pihole.toml not available (r): No such file or directory\" in the logs at this point" + echo "" + v5_volume=1 + fi + # The below functions are all contained in bash_functions.sh # shellcheck source=/dev/null . /usr/bin/bash_functions.sh - echo " [i] Starting docker specific checks & setup for docker pihole/pihole" - # =========================== # Initial checks # =========================== # If PIHOLE_UID is set, modify the pihole user's id to match - if [ -n "${PIHOLE_UID}" ]; then - currentId=$(id -u pihole) - if [[ ${currentId} -ne ${PIHOLE_UID} ]]; then - echo " [i] Changing ID for user: pihole (${currentId} => ${PIHOLE_UID})" - usermod -o -u ${PIHOLE_UID} pihole - else - echo " [i] ID for user pihole is already ${PIHOLE_UID}, no need to change" - fi - fi + set_uid_gid - # If PIHOLE_GID is set, modify the pihole group's id to match - if [ -n "${PIHOLE_GID}" ]; then - currentId=$(id -g pihole) - if [[ ${currentId} -ne ${PIHOLE_GID} ]]; then - echo " [i] Changing ID for group: pihole (${currentId} => ${PIHOLE_GID})" - groupmod -o -g ${PIHOLE_GID} pihole - else - echo " [i] ID for group pihole is already ${PIHOLE_GID}, no need to change" - fi + # Only run the next step if we are not migrating from v5 to v6 + if [[ ${v5_volume} -eq 0 ]]; then + # Configure FTL with any environment variables if needed + echo " [i] Starting FTL configuration" + ftl_config fi - ensure_basic_configuration - # Install additional packages inside the container if requested - if [ -n "${ADDITIONAL_PACKAGES}" ]; then - echo " [i] Fetching APK repository metadata." - if ! apk update; then - echo " [i] Failed to fetch APK repository metadata." - else - echo " [i] Installing additional packages: ${ADDITIONAL_PACKAGES}." - # shellcheck disable=SC2086 - if ! apk add --no-cache ${ADDITIONAL_PACKAGES}; then - echo " [i] Failed to install additional packages." - fi - fi - echo "" - fi - - # Remove possible leftovers from previous pihole-FTL processes - rm -f /dev/shm/FTL-* 2>/dev/null - rm -f /run/pihole/FTL.sock + install_additional_packages # Start crond for scheduled scripts (logrotate, pihole flush, gravity update etc) - # Randomize gravity update time - sed -i "s/59 1 /$((1 + RANDOM % 58)) $((3 + RANDOM % 2))/" /crontab.txt - # Randomize update checker time - sed -i "s/59 17/$((1 + RANDOM % 58)) $((12 + RANDOM % 8))/" /crontab.txt - /usr/bin/crontab /crontab.txt + start_cron - /usr/sbin/crond + # Install the logrotate config file + install_logrotate - #migrate Database if needed: - gravityDBfile=$(getFTLConfigValue files.gravity) + #migrate Gravity Database if needed: + migrate_gravity - if [ ! -f "${gravityDBfile}" ]; then - echo " [i] ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate." - pihole -g - else - # TODO: Revisit this path if we move to a multistage build - source /etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh - upgrade_gravityDB "${gravityDBfile}" "/etc/pihole" + # Start pihole-FTL + start_ftl + + # Give FTL a couple of seconds to start up + sleep 2 + + # If we are migrating from v5 to v6, we now need to run the basic configuration step that we deferred earlier + # This is because pihole-FTL needs to migrate the config files before we can perform the basic configuration checks + if [[ ${v5_volume} -eq 1 ]]; then + echo " [i] Starting deferred FTL Configuration" + ftl_config + echo "" fi pihole updatechecker - - echo " [i] Docker start setup complete" + pihole -v echo "" - echo " [i] pihole-FTL ($FTL_CMD) will be started as ${DNSMASQ_USER}" - echo "" - - # Start pihole-FTL - - fix_capabilities - sh /opt/pihole/pihole-FTL-prestart.sh - capsh --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null" & - if [ "${TAIL_FTL_LOG:-1}" -eq 1 ]; then - tail -f /var/log/pihole/FTL.log & + # Start tailing the FTL log from the most recent "FTL Started" message + # Get the line number + startFrom=$(grep -n '########## FTL started' /var/log/pihole/FTL.log | tail -1 | cut -d: -f1) + # Start the tail from the line number + tail -f -n +${startFrom} /var/log/pihole/FTL.log & else echo " [i] FTL log output is disabled. Remove the Environment variable TAIL_FTL_LOG, or set it to 1 to enable FTL log output." fi # https://stackoverflow.com/a/49511035 wait $! - # Notes on above: - # - DNSMASQ_USER default of pihole is in Dockerfile & can be overwritten by runtime container env - # - /var/log/pihole/pihole*.log has FTL's output that no-daemon would normally print in FG too - # prevent duplicating it in docker logs by sending to dev null - } stop() { From b012c809b1782a8a3c299e56e3c47461d4c2325d Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 2 Sep 2024 17:34:47 +0100 Subject: [PATCH 171/175] Add src/pihole-FTL to .gitignore Signed-off-by: Adam Warner --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index e8f6ff4..0b0d977 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,6 @@ var-log/ # WIP/test stuff doco.yml + +# Ignore FTL Binary if it exists +src/pihole-FTL \ No newline at end of file From 26d0b85942e70a4e5fe1a0920a06f47878b7be6d Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 2 Sep 2024 18:13:20 +0100 Subject: [PATCH 172/175] Quick rename (makes it easier to find in the required checks list) Signed-off-by: Adam Warner --- .github/workflows/build-and-publish.yml | 6 +- .github/workflows/build-and-test.yml | 2 +- .github/workflows/test-and-build-v6.yml | 147 ------------------------ 3 files changed, 3 insertions(+), 152 deletions(-) delete mode 100644 .github/workflows/test-and-build-v6.yml diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 28434cb..2813d35 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -1,10 +1,8 @@ -name: Build and Publish (development-v6) +name: Build Image and Publish on: schedule: - cron: "0 5 * * *" - push: - branches: - - development-v6 + env: dockerhub: ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 598f908..fe8c01c 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -1,4 +1,4 @@ -name: Build and Test (development-v6) +name: Build Image and Test on: pull_request: diff --git a/.github/workflows/test-and-build-v6.yml b/.github/workflows/test-and-build-v6.yml deleted file mode 100644 index 09d2dde..0000000 --- a/.github/workflows/test-and-build-v6.yml +++ /dev/null @@ -1,147 +0,0 @@ -name: Build and Publish (development-v6) -on: - schedule: - - cron: "0 5 * * *" - push: - branches: - - development-v6 - -env: - dockerhub: ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole - ghcr: ghcr.io/${{ github.repository_owner }}/pihole - -jobs: - build: - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - platform: [linux/amd64, linux/386, linux/arm/v6, linux/arm/v7, linux/arm64] - alpine_version: [3.19] - include: - - platform: linux/riscv64 - alpine_version: edge - - steps: - - name: Prepare name for digest up/download - run: | - platform=${{ matrix.platform }} - echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - - - name: Checkout Repo - uses: actions/checkout@v4 - with: - ref: development-v6 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - images: | - ${{ env.dockerhub }} - ${{ env.ghcr }} - flavor: | - latest=false - tags: | - development-v6 - - - name: Login to DockerHub and GitHub Container Registry - uses: ./.github/actions/login-repo - with: - docker_username: ${{ secrets.DOCKERHUB_USER }} - docker_password: ${{ secrets.DOCKERHUB_PASS }} - ghcr_username: ${{ github.repository_owner }} - ghcr_password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - platforms: ${{ matrix.platform}} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build container and push by digest - id: build - uses: docker/build-push-action@v6 - with: - context: ./src/ - platforms: ${{ matrix.platform }} - build-args: | - PIHOLE_DOCKER_TAG=${{ steps.meta.outputs.version }} - alpine_version=${{ matrix.alpine_version }} - labels: ${{ steps.meta.outputs.labels }} - outputs: | - type=image,name=${{ env.dockerhub }},push-by-digest=true,name-canonical=true,push=true - - - name: Export digests - run: | - mkdir -p /tmp/digests - digest_docker="${{ steps.build.outputs.digest }}" - touch "/tmp/digests/${digest_docker#sha256:}" - - - name: Upload digest - uses: actions/upload-artifact@v4 - with: - name: digests-${{ env.PLATFORM_PAIR }} - path: /tmp/digests/* - if-no-files-found: error - retention-days: 1 - - # Merge all the digests into a single file - # If we would push immediately above, the individual runners would overwrite each other's images - # https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners - merge-and-deploy: - runs-on: ubuntu-latest - needs: - - build - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - ref: development-v6 - - - name: Download digests - uses: actions/download-artifact@v4 - with: - path: /tmp/digests - pattern: digests-* - merge-multiple: true - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - images: | - ${{ env.dockerhub }} - ${{ env.ghcr }} - flavor: | - latest=false - tags: | - development-v6 - - - name: Login to DockerHub and GitHub Container Registry - uses: ./.github/actions/login-repo - with: - docker_username: ${{ secrets.DOCKERHUB_USER }} - docker_password: ${{ secrets.DOCKERHUB_PASS }} - ghcr_username: ${{ github.repository_owner }} - ghcr_password: ${{ secrets.GITHUB_TOKEN }} - - - name: Create manifest list and push (DockerHub and GitHub Container Registry) - working-directory: /tmp/digests - run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env.dockerhub }}@sha256:%s ' *) - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env.ghcr }}@sha256:%s ' *) - - - name: Inspect images - run: | - docker buildx imagetools inspect ${{ env.dockerhub }}:${{ steps.meta.outputs.version }} - docker buildx imagetools inspect ${{ env.ghcr }}:${{ steps.meta.outputs.version }} \ No newline at end of file From 7a33749f4efd2588c4aa74a4fc772243dceb79ca Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 2 Sep 2024 18:36:20 +0100 Subject: [PATCH 173/175] Set the flavor and tags in the metadata base on the current build yaml for v5 namely: - schedule = nightly - latest = only on tag/publish - else branch name (on dev) Signed-off-by: Adam Warner --- .github/workflows/build-and-publish.yml | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 2813d35..ec03ad1 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -2,6 +2,11 @@ name: Build Image and Publish on: schedule: - cron: "0 5 * * *" + push: + branches: + - dev + release: + types: [published] env: @@ -27,8 +32,15 @@ jobs: echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - name: Checkout Repo + if: github.event_name != 'schedule' uses: actions/checkout@v4 + - name: Checkout dev branch if scheduled + if: github.event_name == 'schedule' + uses: actions/checkout@v4 + with: + ref: dev + - name: Docker meta id: meta uses: docker/metadata-action@v5 @@ -38,9 +50,11 @@ jobs: ${{ env.dockerhub }} ${{ env.ghcr }} flavor: | - latest=false + latest=${{ startsWith(github.ref, 'refs/tags/') }} tags: | - development-v6 + type=schedule,pattern=nightly + type=ref,event=branch,enable=${{ github.event_name != 'schedule' }} + type=ref,event=tag - name: Login to DockerHub and GitHub Container Registry uses: ./.github/actions/login-repo @@ -115,9 +129,11 @@ jobs: ${{ env.dockerhub }} ${{ env.ghcr }} flavor: | - latest=false + latest=${{ startsWith(github.ref, 'refs/tags/') }} tags: | - development-v6 + type=schedule,pattern=nightly + type=ref,event=branch,enable=${{ github.event_name != 'schedule' }} + type=ref,event=tag - name: Login to DockerHub and GitHub Container Registry uses: ./.github/actions/login-repo From 32c57752cfcbeb7f0b9c1b3a47ef19279bc59f4a Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 2 Sep 2024 21:46:22 +0100 Subject: [PATCH 174/175] `dev` branch becomes `development` Default the component branches in Dockerfile to be `development` (might change to master after full v6 release) Signed-off-by: Adam Warner --- .github/PULL_REQUEST_TEMPLATE.md | 2 +- .github/dependabot.yml | 37 +++---------------------- .github/workflows/build-and-publish.yml | 18 ++++++++++-- .github/workflows/sync-back-to-dev.yml | 2 +- CONTRIBUTING.md | 4 +-- README.md | 4 +-- src/Dockerfile | 8 +++--- 7 files changed, 29 insertions(+), 46 deletions(-) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index f215030..b5eef71 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,4 +1,4 @@ -`{Please select 'base: dev' as target branch above! (you can delete this line)}` +`{Please select 'base: development' as target branch above! (you can delete this line)}` diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a350cbf..06ff60f 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,7 +7,7 @@ updates: interval: "weekly" day: saturday time: "10:00" - target-branch: dev + target-branch: development reviewers: - "pi-hole/docker-maintainers" - package-ecosystem: "docker" @@ -16,7 +16,7 @@ updates: interval: "weekly" day: saturday time: "10:00" - target-branch: dev + target-branch: development reviewers: - "pi-hole/docker-maintainers" - package-ecosystem: pip @@ -26,35 +26,6 @@ updates: day: saturday time: "10:00" open-pull-requests-limit: 10 - target-branch: dev + target-branch: development reviewers: - - "pi-hole/docker-maintainers" - # Maintain dependencies for GitHub Actions development-v6 - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "weekly" - day: saturday - time: "10:00" - target-branch: development-v6 - reviewers: - - "pi-hole/docker-maintainers" - - package-ecosystem: "docker" - directory: "/src/" - schedule: - interval: "weekly" - day: saturday - time: "10:00" - target-branch: development-v6 - reviewers: - - "pi-hole/docker-maintainers" - - package-ecosystem: pip - directory: "/test" - schedule: - interval: weekly - day: saturday - time: "10:00" - open-pull-requests-limit: 10 - target-branch: development-v6 - reviewers: - - "pi-hole/docker-maintainers" + - "pi-hole/docker-maintainers" \ No newline at end of file diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index ec03ad1..d8cf2ae 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -4,7 +4,7 @@ on: - cron: "0 5 * * *" push: branches: - - dev + - development release: types: [published] @@ -12,6 +12,7 @@ on: env: dockerhub: ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole ghcr: ghcr.io/${{ github.repository_owner }}/pihole + components_branch: ${{ startsWith(github.ref, 'refs/tags/') && 'master' || 'development' }} jobs: build: @@ -39,7 +40,7 @@ jobs: if: github.event_name == 'schedule' uses: actions/checkout@v4 with: - ref: dev + ref: development - name: Docker meta id: meta @@ -80,7 +81,11 @@ jobs: platforms: ${{ matrix.platform }} build-args: | PIHOLE_DOCKER_TAG=${{ steps.meta.outputs.version }} - alpine_version=${{ matrix.alpine_version }} + alpine_version=${{ matrix.alpine_version }} + FTL_BRANCH=${{ env.components_branch }} + CORE_BRANCH=${{ env.components_branch }} + WEB_BRANCH=${{ env.components_branch }} + PADD_BRANCH=${{ env.components_branch }} labels: ${{ steps.meta.outputs.labels }} outputs: | type=image,name=${{ env.dockerhub }},push-by-digest=true,name-canonical=true,push=true @@ -108,8 +113,15 @@ jobs: - build steps: - name: Checkout Repo + if: github.event_name != 'schedule' uses: actions/checkout@v4 + - name: Checkout dev branch if scheduled + if: github.event_name == 'schedule' + uses: actions/checkout@v4 + with: + ref: development + - name: Download digests uses: actions/download-artifact@v4 with: diff --git a/.github/workflows/sync-back-to-dev.yml b/.github/workflows/sync-back-to-dev.yml index fb0e831..28dd1b5 100644 --- a/.github/workflows/sync-back-to-dev.yml +++ b/.github/workflows/sync-back-to-dev.yml @@ -13,6 +13,6 @@ jobs: - name: Checkout uses: actions/checkout@v4 - name: Opening pull request - run: gh pr create -B dev -H master --title 'Sync master back into development' --body 'Created by Github action' --label 'internal' + run: gh pr create -B development -H master --title 'Sync master back into development' --body 'Created by Github action' --label 'internal' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4bcb67f..81bcc83 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,8 +2,8 @@ Please review the following before opening a pull request (PR) to help your PR go smoothly: -* Code changes go to the `dev` branch first - * To ensure proper testing and quality control, target any code change pull requests against `dev` branch. +* Code changes go to the `development` branch first + * To ensure proper testing and quality control, target any code change pull requests against `development` branch. * Make sure the tests pass * Take a look at [TESTING.md](test/TESTING.md) to see how to run tests locally so you do not have to push all your code to a PR and have GitHub Actions run it. diff --git a/README.md b/README.md index 5167a68..8500500 100644 --- a/README.md +++ b/README.md @@ -175,9 +175,9 @@ The Date-based (including incremented "Patch" versions) do not relate to any kin | `latest` | Always latest release | | `2022.04.0` | Date-based release | | `2022.04.1` | Second release in a given month | -| `dev` | Similar to `latest`, but for the development branch (pushed occasionally) | +| `development` | Similar to `latest`, but for the development branch (pushed occasionally) | | `*beta` | Early beta releases of upcoming versions - here be dragons | -| `nightly` | Like `dev` but pushed every night and pulls from the latest `development` branches of the core Pi-hole components (Pi-hole, web, FTL) | +| `nightly` | Like `development` but pushed every night and pulls from the latest `development` branches of the core Pi-hole components (Pi-hole, web, FTL) | ## Upgrading, Persistence, and Customizations diff --git a/src/Dockerfile b/src/Dockerfile index 373f782..f822bfd 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -5,11 +5,11 @@ FROM alpine:${alpine_version} AS base # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope ARG TARGETPLATFORM -ARG WEB_BRANCH="development-v6" -ARG CORE_BRANCH="development-v6" -ARG FTL_BRANCH="development-v6" +ARG WEB_BRANCH="development" +ARG CORE_BRANCH="development" +ARG FTL_BRANCH="development" ARG PIHOLE_DOCKER_TAG="dev-localbuild" -ARG PADD_BRANCH="PADD_FTLv6" +ARG PADD_BRANCH="development" ENV DNSMASQ_USER=pihole ENV FTL_CMD=no-daemon From 9e39ed34e00e64df5386968477799ecdcd640d0a Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 2 Sep 2024 21:55:43 +0100 Subject: [PATCH 175/175] Disbale arm64 testing for the time being Signed-off-by: Adam Warner --- .github/workflows/build-and-test.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index fe8c01c..12d0997 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -11,7 +11,9 @@ jobs: # Official docker images for docker are only available for amd64 and arm64 # TODO: Look at: https://github.com/docker-library/official-images#architectures-other-than-amd64 # Is testing on all platforms really necessary? - platform: [linux/amd64, linux/arm64] + # Disabled arm64 tests for the time being, something is wrong with the test config and the volumes are getting shared between the test containers on different architectures + #platform: [linux/amd64, linux/arm64] + platform: [linux/amd64] steps: - name: Checkout Repo uses: actions/checkout@v4