Merge branch 'dev' of https://github.com/AlexandreRatte/docker-pi-hole into Issue_778

Signed-off-by: Alexandre Ratte <alexandre.ratte@gmail.com>

Dockerfile

@@ -9,7 +9,8 @@ ENV S6OVERLAY_RELEASE "https://github.com/just-containers/s6-overlay/releases/do
 
 COPY install.sh /usr/local/bin/install.sh
 COPY VERSION /etc/docker-pi-hole-version
-ENV PIHOLE_INSTALL /root/ph_install.sh
+COPY VERSIONS /etc/pi-hole-versions
+ENV PIHOLE_INSTALL /etc/.pihole/automated\ install/basic-install.sh
 
 RUN bash -ex install.sh 2>&1 && \
     rm -rf /var/cache/apt/archives /var/lib/apt/lists/*

README.md

@@ -37,6 +37,7 @@ services:
     restart: unless-stopped
 ```
 2. Run `docker-compose up --detach` to build and start pi-hole
+3. Use the Pi-hole web UI to change the DNS settings *Interface listening behavior* to "Listen on all interfaces, permit all origins", if using Docker's default `bridge` network setting
 
 [Here is an equivalent docker run script](https://github.com/pi-hole/docker-pi-hole/blob/master/docker_run.sh).
 
@@ -108,6 +109,7 @@ There are other environment variables if you want to customize various things in
 | `INTERFACE: <NIC>`<br/> *Advanced/Optional* | The default works fine with our basic example docker run commands.  If you're trying to use DHCP with `--net host` mode then you may have to customize this or DNSMASQ_LISTENING.
 | `DNSMASQ_LISTENING: <local\|all\|single>`<br/> *Advanced/Optional* | `local` listens on all local subnets, `all` permits listening on internet origin subnets in addition to local, `single` listens only on the interface specified.
 | `WEB_PORT: <PORT>`<br/> *Advanced/Optional* | **This will break the 'webpage blocked' functionality of Pi-hole** however it may help advanced setups like those running synology or `--net=host` docker argument.  This guide explains how to restore webpage blocked functionality using a linux router DNAT rule: [Alternative Synology installation method](https://discourse.pi-hole.net/t/alternative-synology-installation-method/5454?u=diginc)
+| `CUSTOM_CACHE_SIZE: <size>`<br/> *Advanced/Optional: Default: '10000'* | Set the cache size for dnsmasq. Useful for increasing the default cache size or to set it to 0. Note that when `DNSSEC` is "true", then this setting is ignored.
 | `DNSMASQ_USER: <pihole\|root>`<br/> *Experimental Default: root* | Allows running FTLDNS as non-root.
 | `TEMPERATUREUNIT`: <c\|k\|f><br/>*Optional Default: c* | Set preferred temperature unit to `c`: Celsius, `k`: Kelvin, or `f` Fahrenheit units.
 | `WEBUIBOXEDLAYOUT: <boxed\|traditional>`<br/>*Optional Default: boxed* | Use boxed layout (helpful when working on large screens)
@@ -161,6 +163,7 @@ Here is a rundown of other arguments for your docker-compose / docker run.
   * Ubuntu users see below for more detailed information
 * You can map other ports to Pi-hole port 80 using docker's port forwarding like this `-p 8080:80` if you are using the default blocking mode. If you are using the legacy IP blocking mode, you should not remap this port.
   * [Here is an example of running with jwilder/proxy](https://github.com/pi-hole/docker-pi-hole/blob/master/docker-compose-jwilder-proxy.yml) (an nginx auto-configuring docker reverse proxy for docker) on my port 80 with Pi-hole on another port.  Pi-hole needs to be `DEFAULT_HOST` env in jwilder/proxy and you need to set the matching `VIRTUAL_HOST` for the Pi-hole's container.  Please read jwilder/proxy readme for more info if you have trouble.
+* Docker's default network mode `bridge` isolates the container from the host's network. This is a more secure setting, but requires setting the Pi-hole DNS option for *Interface listening behavior* to "Listen on all interfaces, permit all origins".
 
 ### Installing on Ubuntu
 Modern releases of Ubuntu (17.10+) include [`systemd-resolved`](http://manpages.ubuntu.com/manpages/bionic/man8/systemd-resolved.service.8.html) which is configured by default to implement a caching DNS stub resolver. This will prevent pi-hole from listening on port 53.

VERSIONS

@@ -0,0 +1,3 @@
+CORE_VERSION=v5.3.1
+WEB_VERSION=v5.5
+FTL_VERSION=v5.8.1

bash_functions.sh

@@ -13,7 +13,7 @@ fix_capabilities() {
 
 prepare_configs() {
     # Done in /start.sh, don't do twice
-    PH_TEST=true . $PIHOLE_INSTALL
+    PH_TEST=true . "${PIHOLE_INSTALL}"
     # Set Debian webserver variables for installConfigs
     LIGHTTPD_USER="www-data"
     LIGHTTPD_GROUP="www-data"
@@ -103,6 +103,7 @@ setup_dnsmasq() {
     setup_dnsmasq_interface "$interface"
     setup_dnsmasq_listening_behaviour "$dnsmasq_listening_behaviour"
     setup_dnsmasq_user "${DNSMASQ_USER}"
+    setup_cache_size "${CUSTOM_CACHE_SIZE}"
     ProcessDNSSettings
 }
 
@@ -157,6 +158,32 @@ setup_dnsmasq_hostnames() {
     fi
 }
 
+setup_cache_size() {
+    local warning="WARNING: CUSTOM_CACHE_SIZE not used"
+    local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf"
+    # Quietly exit early for empty or default
+    if [[ -z "${1}" || "${1}" == '10000' ]] ; then return ; fi
+
+    if [[ "${DNSSEC}" == "true" ]] ; then
+        echo "$warning - Cannot change cache size if DNSSEC is enabled"
+        return
+    fi
+
+    if ! echo $1 | grep -q '^[0-9]*$' ; then
+        echo "$warning - $1 is not an integer"
+        return
+    fi
+
+    local -i custom_cache_size="$1"
+    if (( $custom_cache_size < 0 )); then
+        echo "$warning - $custom_cache_size is not a positive integer or zero"
+        return
+    fi
+    echo "Custom CUSTOM_CACHE_SIZE set to $custom_cache_size"
+
+    sed -i "s/^cache-size=\s*[0-9]*/cache-size=$custom_cache_size/" ${dnsmasq_pihole_01_location}
+}
+
 setup_lighttpd_bind() {
     local serverip="$1"
     # if using '--net=host' only bind lighttpd on $ServerIP and localhost

doco-example.yml

@@ -1 +0,0 @@
-docker-compose.yml

install.sh

@@ -2,22 +2,35 @@
 
 mkdir -p /etc/pihole/
 mkdir -p /var/run/pihole
-# Production tags with valid web footers
-export CORE_VERSION="$(cat /etc/docker-pi-hole-version)"
-export WEB_VERSION="${CORE_VERSION}"
-export PIHOLE_SKIP_OS_CHECK=true
-# Overwrite WEB_VERSION if core and web versions are different
-export WEB_VERSION="v5.5"
 
-# Only use for pre-production / testing
-export CHECKOUT_BRANCHES=false
-# Search for release/* branch naming convention for custom checkouts
-if [[ "$CORE_VERSION" == *"release/"* ]] ; then
-    CHECKOUT_BRANCHES=true
-fi
+# Source versions file
+source /etc/pi-hole-versions
+
+CORE_REMOTE_REPO=https://github.com/pi-hole/pi-hole
+CORE_LOCAL_REPO=/etc/.pihole
+WEB_REMOTE_REPO=https://github.com/pi-hole/adminLTE
+WEB_LOCAL_REPO=/var/www/html/admin
+setupVars=/etc/pihole/setupVars.conf
+
+fetch_release_metadata() {
+    local directory="$1"
+    local version="$2"
+    pushd "$directory"
+    git fetch -t
+    git remote set-branches origin '*'
+    git fetch --depth 10
+    #if version number begins with a v, it's a version number
+    if [[ $version == v* ]]; then
+        git checkout master
+        git reset --hard "$version"
+    else # else treat it as a branch
+        git checkout "$version"
+    fi
+    popd
+}
 
 apt-get update
-apt-get install --no-install-recommends -y curl procps ca-certificates
+apt-get install --no-install-recommends -y curl procps ca-certificates git
 # curl in armhf-buster's image has SSL issues. Running c_rehash fixes it.
 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923479
 c_rehash
@@ -29,9 +42,15 @@ mv /init /s6-init
 which debconf-apt-progress
 mv "$(which debconf-apt-progress)" /bin/no_debconf-apt-progress
 
-# Get the install functions
-curl https://raw.githubusercontent.com/pi-hole/pi-hole/${CORE_VERSION}/automated%20install/basic-install.sh > "$PIHOLE_INSTALL"
-PH_TEST=true . "${PIHOLE_INSTALL}"
+# clone the remote repos to their local destinations
+git clone "${CORE_REMOTE_REPO}" "${CORE_LOCAL_REPO}"
+fetch_release_metadata "${CORE_LOCAL_REPO}" "${CORE_VERSION}"
+
+git clone "${WEB_REMOTE_REPO}" "${WEB_LOCAL_REPO}"
+fetch_release_metadata "${WEB_LOCAL_REPO}" "${WEB_VERSION}"
+
+# FTL uses a local version file for the installer to determine which version we want
+echo "${FTL_VERSION}" > /etc/pihole/ftlbranch
 
 # Preseed variables to assist with using --unattended install
 {
@@ -47,53 +66,28 @@ PH_TEST=true . "${PIHOLE_INSTALL}"
 source $setupVars
 
 export USER=pihole
-distro_check
 
 # fix permission denied to resolvconf post-inst /etc/resolv.conf moby/moby issue #1297
 apt-get -y install debconf-utils
 echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections
 
+export PIHOLE_SKIP_OS_CHECK=true
+
 ln -s /bin/true /usr/local/bin/service
-bash -ex "./${PIHOLE_INSTALL}" --unattended
+# Run the installer in unattended mode using the preseeded variables above and --reconfigure so that local repos are not updated
+bash -ex "./${PIHOLE_INSTALL}" --unattended --reconfigure
 rm /usr/local/bin/service
 
 # IPv6 support for nc openbsd better than traditional
 apt-get install -y --force-yes netcat-openbsd
 
-fetch_release_metadata() {
-    local directory="$1"
-    local version="$2"
-    pushd "$directory"
-    git fetch -t
-    git remote set-branches origin '*'
-    git fetch --depth 10
-    git checkout master
-    git reset --hard "$version"
-    popd
-}
-
-if [[ $CHECKOUT_BRANCHES == true ]] ; then
-    ln -s /bin/true /usr/local/bin/service
-    ln -s /bin/true /usr/local/bin/update-rc.d
-    echo "${CORE_VERSION}" | sudo tee /etc/pihole/ftlbranch
-    echo y | bash -x pihole checkout core ${CORE_VERSION}
-    echo y | bash -x pihole checkout web ${WEB_VERSION}
-    # echo y | bash -x pihole checkout ftl ${CORE_VERSION}
-    # If the v is forgotten: ${CORE_VERSION/v/}
-    unlink /usr/local/bin/service
-    unlink /usr/local/bin/update-rc.d
-else
-    # Reset to our tags so version numbers get detected correctly
-    fetch_release_metadata "${PI_HOLE_LOCAL_REPO}" "${CORE_VERSION}"
-    fetch_release_metadata "${webInterfaceDir}" "${WEB_VERSION}"
-fi
-
 sed -i 's/readonly //g' /opt/pihole/webpage.sh
 sed -i '/^WEBPASSWORD/d' /etc/pihole/setupVars.conf
 
 # Replace the call to `updatePiholeFunc` in arg parse with new `unsupportedFunc`
 sed -i $'s/helpFunc() {/unsupportedFunc() {\\\n  echo "Function not supported in Docker images"\\\n  exit 0\\\n}\\\n\\\nhelpFunc() {/g' /usr/local/bin/pihole
 sed -i $'s/)\s*updatePiholeFunc/) unsupportedFunc/g' /usr/local/bin/pihole
+sed -i $'s/)\s*piholeCheckoutFunc/) unsupportedFunc/g' /usr/local/bin/pihole
 
 touch /.piholeFirstBoot
 

start.sh

@@ -39,6 +39,7 @@ export PIHOLE_DOMAIN
 export DHCP_IPv6
 export DHCP_rapid_commit
 export WEBTHEME
+export CUSTOM_CACHE_SIZE
 
 export adlistFile='/etc/pihole/adlists.list'
 
@@ -53,7 +54,7 @@ export adlistFile='/etc/pihole/adlists.list'
 . /opt/pihole/webpage.sh
 
 # PH_TEST prevents the install from actually running (someone should rename that)
-PH_TEST=true . $PIHOLE_INSTALL
+PH_TEST=true . "${PIHOLE_INSTALL}"
 
 echo " ::: Starting docker specific checks & setup for docker pihole/pihole"
 

test/test_bash_functions.py

@@ -48,6 +48,39 @@ def test_bad_input_to_WEB_PORT(Docker, test_args, expected_error):
     assert expected_error in function.stdout
 
 
+@pytest.mark.parametrize('test_args,cache_size', [('-e CUSTOM_CACHE_SIZE="0"', '0'), ('-e CUSTOM_CACHE_SIZE="20000"', '20000')])
+def test_overrides_default_CUSTOM_CACHE_SIZE(Docker, Slow, test_args, cache_size):
+    ''' Changes the cache_size setting to increase or decrease the cache size for dnsmasq'''
+    CONFIG_LINE = r'cache-size\s*=\s*{}'.format(cache_size)
+    DNSMASQ_CONFIG = '/etc/dnsmasq.d/01-pihole.conf'
+
+    function = Docker.run('echo ${CUSTOM_CACHE_SIZE};. ./bash_functions.sh; echo ${CUSTOM_CACHE_SIZE}; eval `grep setup_dnsmasq /start.sh`')
+    assert "Custom CUSTOM_CACHE_SIZE set to {}".format(cache_size) in function.stdout
+    Slow(lambda: re.search(CONFIG_LINE, Docker.run('cat {}'.format(DNSMASQ_CONFIG)).stdout) != None)
+
+
+@pytest.mark.parametrize('test_args', [
+    '-e CUSTOM_CACHE_SIZE="-1"',
+    '-e CUSTOM_CACHE_SIZE="1,000"',
+])
+def test_bad_input_to_CUSTOM_CACHE_SIZE(Docker, Slow, test_args):
+    CONFIG_LINE = r'cache-size\s*=\s*10000'
+    DNSMASQ_CONFIG = '/etc/dnsmasq.d/01-pihole.conf'
+
+    Docker.run('. ./bash_functions.sh; eval `grep setup_dnsmasq /start.sh`')
+    Slow(lambda: re.search(CONFIG_LINE, Docker.run('cat {}'.format(DNSMASQ_CONFIG)).stdout) != None)
+
+@pytest.mark.parametrize('test_args', [
+    '-e DNSSEC="true" -e CUSTOM_CACHE_SIZE="0"',
+])
+def test_dnssec_enabled_with_CUSTOM_CACHE_SIZE(Docker, Slow, test_args):
+    CONFIG_LINE = r'cache-size\s*=\s*10000'
+    DNSMASQ_CONFIG = '/etc/dnsmasq.d/01-pihole.conf'
+
+    Docker.run('. ./bash_functions.sh; eval `grep setup_dnsmasq /start.sh`')
+    Slow(lambda: re.search(CONFIG_LINE, Docker.run('cat {}'.format(DNSMASQ_CONFIG)).stdout) != None)
+
+
 # DNS Environment Variable behavior in combinations of modified pihole LTE settings
 @pytest.mark.skip('broke, needs investigation in v5.0 beta')
 @pytest.mark.parametrize('args_env, expected_stdout, dns1, dns2', [