Merge pull request #1142 from pi-hole/s6-3-markII

Upgrade to S6 overlay v3

Dockerfile

@@ -4,12 +4,12 @@ FROM "${PIHOLE_BASE:-ghcr.io/pi-hole/docker-pi-hole-base:bullseye-slim}"
 ARG PIHOLE_DOCKER_TAG
 ENV PIHOLE_DOCKER_TAG "${PIHOLE_DOCKER_TAG}"
 
-ENV S6_OVERLAY_VERSION v2.1.0.2
+ENV S6_OVERLAY_VERSION v3.1.1.2
 
-COPY install.sh /usr/local/bin/install.sh
+COPY ./scripts/install.sh /usr/local/bin/install.sh
 ENV PIHOLE_INSTALL /etc/.pihole/automated\ install/basic-install.sh
 
-ENTRYPOINT [ "/s6-init" ]
+ENTRYPOINT [ "/init" ]
 
 COPY s6/debian-root /
 COPY s6/service /usr/local/bin/service
@@ -22,8 +22,9 @@ ARG PHP_ENV_CONFIG
 ENV PHP_ENV_CONFIG /etc/lighttpd/conf-enabled/15-fastcgi-php.conf
 ARG PHP_ERROR_LOG
 ENV PHP_ERROR_LOG /var/log/lighttpd/error-pihole.log
-COPY ./start.sh /
-COPY ./bash_functions.sh /
+COPY ./scripts/start.sh /
+COPY ./scripts/bash_functions.sh /
+COPY ./scripts/gravityonboot.sh /
 
 # IPv6 disable flag for networks/devices that do not support it
 ENV IPv6 True

s6/debian-root/etc/cont-init.d/05-changer-uid-gid.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 set -e
 
 if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
@@ -14,7 +14,7 @@ modifyUser()
   [[ ${currentId} -eq ${newId} ]] && return
 
   echo "Changing ID for user: ${username} (${currentId} => ${newId})"
-  usermod -o -u ${newId} ${username}  
+  usermod -o -u ${newId} ${username}
 }
 
 modifyGroup()

s6/debian-root/etc/cont-init.d/20-start.sh

@@ -1,10 +0,0 @@
-#!/usr/bin/with-contenv bash
-set -e
-
-bashCmd='bash -e'
-if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
-    set -x ;
-    bashCmd='bash -e -x'
-fi
-
-$bashCmd /start.sh

s6/debian-root/etc/s6-overlay/s6-rc.d/1-gravityonboot/dependencies

@@ -0,0 +1 @@
+pihole-FTL

s6/debian-root/etc/s6-overlay/s6-rc.d/1-gravityonboot/type

@@ -0,0 +1 @@
+oneshot

s6/debian-root/etc/s6-overlay/s6-rc.d/1-gravityonboot/up

@@ -0,0 +1 @@
+bash /gravityonboot.sh

s6/debian-root/etc/s6-overlay/s6-rc.d/1-startup/type

@@ -0,0 +1 @@
+oneshot

s6/debian-root/etc/s6-overlay/s6-rc.d/1-startup/up

@@ -0,0 +1,2 @@
+#!/usr/bin/execlineb
+foreground { bash -e /start.sh }

s6/debian-root/etc/s6-overlay/s6-rc.d/cron/finish

@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 
 s6-echo "Stopping cron"
 killall -9 cron

s6/debian-root/etc/s6-overlay/s6-rc.d/cron/run

@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 s6-echo "Starting crond"
 
 exec -c

s6/debian-root/etc/s6-overlay/s6-rc.d/cron/type

@@ -0,0 +1 @@
+longrun

s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/finish

@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 
 s6-echo "Stopping lighttpd-access-log"
 pid=$(ps -C cat -o pid=,args= |grep -oP "([0-9]+).+access\.log" |cut -f1 -d" ")

s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/run

@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 
 s6-echo "Starting lighttpd-access-log"
 

s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/type

@@ -0,0 +1 @@
+longrun

s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/finish

@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 
 s6-echo "Stopping lighttpd-error-log"
 pid=$(ps -C cat -o pid=,args= |grep -oP "([0-9]+).+error\.log" |cut -f1 -d" ")

s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/run

@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 
 s6-echo "Starting lighttpd-error-log"
 

s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/type

@@ -0,0 +1 @@
+longrun

s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/dependencies

@@ -0,0 +1 @@
+pihole-FTL

s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/finish

@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 
 s6-echo "Stopping lighttpd"
 service lighttpd-access-log stop

s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/run

@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 
 s6-echo "Starting lighttpd"
 

s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/type

@@ -0,0 +1 @@
+longrun

s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/dependencies

@@ -0,0 +1 @@
+1-startup

s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/finish

@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 
 s6-echo "Stopping pihole-FTL"
 killall -15 pihole-FTL

s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/run

@@ -1,4 +1,37 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
+
+# Testing on Docker 20.10.14 with no caps set shows the following caps available to the container:
+# Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
+# FTL can also use CAP_NET_ADMIN and CAP_SYS_NICE. If we try to set them when they haven't been explicitly enabled, FTL will not start. Test for them first:
+
+/sbin/capsh --has-p=cap_chown 2>/dev/null && CAP_STR+=',CAP_CHOWN'
+/sbin/capsh --has-p=cap_net_bind_service 2>/dev/null && CAP_STR+=',CAP_NET_BIND_SERVICE'
+/sbin/capsh --has-p=cap_net_raw 2>/dev/null && CAP_STR+=',CAP_NET_RAW'
+/sbin/capsh --has-p=cap_net_admin 2>/dev/null && CAP_STR+=',CAP_NET_ADMIN' || DHCP_READY='false'
+/sbin/capsh --has-p=cap_sys_nice 2>/dev/null && CAP_STR+=',CAP_SYS_NICE'
+
+if [[ ${CAP_STR} ]]; then
+    # We have the (some of) the above caps available to us - apply them to pihole-FTL
+    setcap ${CAP_STR:1}+ep "$(which pihole-FTL)" || ret=$?
+
+    if [[ $DHCP_READY == false ]] && [[ $DHCP_ACTIVE == true ]]; then
+        # DHCP is requested but NET_ADMIN is not available.
+        echo "ERROR: DHCP requested but NET_ADMIN is not available. DHCP will not be started."
+        echo "      Please add cap_net_admin to the container's capabilities or disable DHCP."
+        DHCP_ACTIVE='false'
+        change_setting "DHCP_ACTIVE" "false"
+    fi
+
+    if [[ $ret -ne 0 && "${DNSMASQ_USER:-pihole}" != "root" ]]; then
+        echo "ERROR: Unable to set capabilities for pihole-FTL. Cannot run as non-root."
+        echo "       If you are seeing this error, please set the environment variable 'DNSMASQ_USER' to the value 'root'"
+        exit 1
+    fi
+else
+    echo "WARNING: Unable to set capabilities for pihole-FTL."
+    echo "         Please ensure that the container has the required capabilities."
+    exit 1
+fi
 
 s6-echo "Starting pihole-FTL ($FTL_CMD) as ${DNSMASQ_USER}"
 # Remove possible leftovers from previous pihole-FTL processes
@@ -37,7 +70,7 @@ if [ ! -f /var/log/pihole-FTL.log ]; then
 fi
 
 # Call capsh with the detected capabilities
-capsh --inh=${CAP_STR:1} --addamb=${CAP_STR:1} --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null 2>&1" 
+capsh --inh=${CAP_STR:1} --addamb=${CAP_STR:1} --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null 2>&1"
 
 # Notes on above:
 # - DNSMASQ_USER default of pihole is in Dockerfile & can be overwritten by runtime container env

s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/type

@@ -0,0 +1 @@
+longrun

s6/service

@@ -7,14 +7,16 @@ start() {
 }
 
 stop() {
-  s6-svc -wD -d -T2500 /var/run/s6/services/$service
+  #s6-svc -wD -d -T2500 /var/run/s6/services/$service
+  # /command/s6-svc -wD -d -T2500 /run/service/$service
+  /command/s6-rc -d change $service
 }
 
 restart() {
   local pid
 
   # Get the PID(s) of the service we are asking to restart
-  mapfile -t pids < <(pgrep $service)  
+  mapfile -t pids < <(pgrep $service)
 
   # Only attempt to stop the service if it is already running
   if [ "${#pids[@]}" -gt 0 ]; then
@@ -30,22 +32,25 @@ restart() {
 
   # Check it hasn't been started by something else in the meantime
   pid=$(pgrep $service)
-  
+
   # Only attempt to start the service if it is not already running
   if [ -z "$pid" ]; then
-    s6-svc -wu -u -T2500 /var/run/s6/services/$service
+    # s6-svc -wu -u -T2500 /var/run/s6/services/$service
+    # /command/s6-svc -wu -u -T2500 /run/service/$service
+    /command/s6-rc -u change $service
   fi
-  
+
 }
 
 status() {
-  s6-svstat /var/run/s6/services/$service
+  /command/s6-svstat /run/service/$service
+  #/var/run/s6/services/$service
 }
 
 service="$1"
 command="$2"
 
-if [[ ! -d "/var/run/s6/services/$service" ]] ; then
+if [[ ! -d "/run/service/$service" ]] ; then
   echo "s6 service not found for $service, exiting..."
   exit
 fi;

scripts/bash_functions.sh

@@ -17,41 +17,6 @@ changeFTLsetting() {
     addOrEditKeyValPair "${FTLconf}" "${1}" "${2}"
 }
 
-fix_capabilities() {
-    # Testing on Docker 20.10.14 with no caps set shows the following caps available to the container:
-    # Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
-    # FTL can also use CAP_NET_ADMIN and CAP_SYS_NICE. If we try to set them when they haven't been explicitly enabled, FTL will not start. Test for them first:
-
-    /sbin/capsh --has-p=cap_chown 2>/dev/null && CAP_STR+=',CAP_CHOWN'
-    /sbin/capsh --has-p=cap_net_bind_service 2>/dev/null && CAP_STR+=',CAP_NET_BIND_SERVICE'
-    /sbin/capsh --has-p=cap_net_raw 2>/dev/null && CAP_STR+=',CAP_NET_RAW'
-    /sbin/capsh --has-p=cap_net_admin 2>/dev/null && CAP_STR+=',CAP_NET_ADMIN' || DHCP_READY='false'
-    /sbin/capsh --has-p=cap_sys_nice 2>/dev/null && CAP_STR+=',CAP_SYS_NICE'
-
-    if [[ ${CAP_STR} ]]; then
-        # We have the (some of) the above caps available to us - apply them to pihole-FTL
-        setcap ${CAP_STR:1}+ep "$(which pihole-FTL)" || ret=$?
-
-        if [[ $DHCP_READY == false ]] && [[ $DHCP_ACTIVE == true ]]; then
-            # DHCP is requested but NET_ADMIN is not available.
-            echo "ERROR: DHCP requested but NET_ADMIN is not available. DHCP will not be started."
-            echo "      Please add cap_net_admin to the container's capabilities or disable DHCP."
-            DHCP_ACTIVE='false'
-            change_setting "DHCP_ACTIVE" "false"
-        fi
-
-        if [[ $ret -ne 0 && "${DNSMASQ_USER:-pihole}" != "root" ]]; then
-            echo "ERROR: Unable to set capabilities for pihole-FTL. Cannot run as non-root."
-            echo "       If you are seeing this error, please set the environment variable 'DNSMASQ_USER' to the value 'root'"
-            exit 1
-        fi
-    else
-        echo "WARNING: Unable to set capabilities for pihole-FTL."
-        echo "         Please ensure that the container has the required capabilities."
-        exit 1
-    fi
-}
-
 # shellcheck disable=SC2034
 ensure_basic_configuration() {
 
@@ -99,6 +64,8 @@ ensure_basic_configuration() {
     if [ ! -f /etc/dnsmasq.d/01-pihole.conf ] ; then
         cp /etc/.pihole/advanced/01-pihole.conf /etc/dnsmasq.d/
     fi;
+
+    # setup_or_skip_gravity
 }
 
 validate_env() {
@@ -301,6 +268,14 @@ setup_FTL_upstream_DNS(){
     fi
 }
 
+setup_FTL_ProcessDNSSettings(){
+    # Commit settings to 01-pihole.conf
+
+    # shellcheck source=/dev/null
+    . /opt/pihole/webpage.sh
+    ProcessDNSSettings
+}
+
 setup_lighttpd_bind() {
     local serverip="${FTLCONF_REPLY_ADDR4}"
     # if using '--net=host' only bind lighttpd on $FTLCONF_REPLY_ADDR6 and localhost
@@ -496,32 +471,3 @@ setup_admin_email() {
       pihole -a -e "$EMAIL"
   fi
 }
-
-setup_or_skip_gravity(){
-    # Gotta go fast, no time for gravity
-    if [ -n "$PYTEST" ]; then
-        sed -i 's/^gravity_spinup$/#gravity_spinup # DISABLED FOR PYTEST/g' "$(which gravity.sh)"
-    fi
-
-    gravityDBfile="/etc/pihole/gravity.db"
-    config_file="/etc/pihole/pihole-FTL.conf"
-    # make a point to mention which config file we're checking, as breadcrumb to revisit if/when pihole-FTL.conf is succeeded by TOML
-    echo "  Checking if custom gravity.db is set in ${config_file}"
-    if [[ -f "${config_file}" ]]; then
-        gravityDBfile="$(grep --color=never -Po "^GRAVITYDB=\K.*" "${config_file}" 2> /dev/null || echo "/etc/pihole/gravity.db")"
-    fi
-
-
-    if [ -z "$SKIPGRAVITYONBOOT" ] || [ ! -e "${gravityDBfile}" ]; then
-        if [ -n "$SKIPGRAVITYONBOOT" ];then
-            echo "  SKIPGRAVITYONBOOT is set, however ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate."
-            echo "  Ignoring SKIPGRAVITYONBOOT on this occaision."
-        fi
-        # shellcheck disable=SC2016
-        echo '@reboot root PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updateGravity >/var/log/pihole/pihole_updateGravity.log || cat /var/log/pihole/pihole_updateGravity.log' > /etc/cron.d/gravity-on-boot
-    else
-        echo "  Skipping Gravity Database Update."
-        [ ! -e /etc/cron.d/gravity-on-boot ] || rm /etc/cron.d/gravity-on-boot &>/dev/null
-    fi
-}
-

scripts/gravityonboot.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+gravityDBfile="/etc/pihole/gravity.db"
+config_file="/etc/pihole/pihole-FTL.conf"
+# make a point to mention which config file we're checking, as breadcrumb to revisit if/when pihole-FTL.conf is succeeded by TOML
+echo "  Checking if custom gravity.db is set in ${config_file}"
+if [[ -f "${config_file}" ]]; then
+    gravityDBfile="$(grep --color=never -Po "^GRAVITYDB=\K.*" "${config_file}" 2> /dev/null || echo "/etc/pihole/gravity.db")"
+fi
+
+if [ -z "$SKIPGRAVITYONBOOT" ] || [ ! -f "${gravityDBfile}" ]; then
+    if [ -n "$SKIPGRAVITYONBOOT" ];then
+        echo "  SKIPGRAVITYONBOOT is set, however ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate."
+        echo "  Ignoring SKIPGRAVITYONBOOT on this occaision."
+    fi
+    pihole -g
+else
+    echo "  Skipping Gravity Database Update."
+fi

scripts/install.sh

@@ -9,24 +9,24 @@ WEB_LOCAL_REPO=/var/www/html/admin
 
 setupVars=/etc/pihole/setupVars.conf
 
-s6_download_url() {
+detect_arch() {
   DETECTED_ARCH=$(dpkg --print-architecture)
   S6_ARCH=$DETECTED_ARCH
   case $DETECTED_ARCH in
+  amd64)
+    S6_ARCH="x86_64";;
   armel)
     S6_ARCH="arm";;
   armhf)
-    S6_ARCH="arm";;
+    S6_ARCH="armhf";;
   arm64)
     S6_ARCH="aarch64";;
   i386)
     S6_ARCH="x86";;
-  ppc64el)
-    S6_ARCH="ppc64le";;
 esac
-  echo "https://github.com/just-containers/s6-overlay/releases/download/${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.gz"
 }
 
+
 # Helps to have some additional tools in the dev image when debugging
 if [[ "${PIHOLE_DOCKER_TAG}" = 'nightly' ||  "${PIHOLE_DOCKER_TAG}" = 'dev' ]]; then
   apt-get update
@@ -34,8 +34,10 @@ if [[ "${PIHOLE_DOCKER_TAG}" = 'nightly' ||  "${PIHOLE_DOCKER_TAG}" = 'dev' ]];
   rm -rf /var/lib/apt/lists/*
 fi
 
-curl -L -s "$(s6_download_url)" | tar xvzf - -C /
-mv /init /s6-init
+detect_arch
+
+curl -L -s "https://github.com/just-containers/s6-overlay/releases/download/${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz" | tar Jxpf - -C /
+curl -L -s "https://github.com/just-containers/s6-overlay/releases/download/${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.xz" | tar Jxpf - -C /
 
 # Preseed variables to assist with using --unattended install
 {

scripts/start.sh

@@ -27,7 +27,6 @@ echo " ::: Starting docker specific checks & setup for docker pihole/pihole"
 
 # Initial checks
 # ===========================
-fix_capabilities
 validate_env || exit 1
 ensure_basic_configuration
 
@@ -44,9 +43,7 @@ setup_FTL_server || true
 [ -n "${DNS_FQDN_REQUIRED}" ] && change_setting "DNS_FQDN_REQUIRED" "$DNS_FQDN_REQUIRED"
 [ -n "${DNSSEC}" ] && change_setting "DNSSEC" "$DNSSEC"
 [ -n "${DNS_BOGUS_PRIV}" ] && change_setting "DNS_BOGUS_PRIV" "$DNS_BOGUS_PRIV"
-# We call the following function directly as it also allows us to run ProcessDNSSettings
-# (to commit settings to 01-pihole.conf) without sourcing webpage.sh
-pihole -a -i "$DNSMASQ_LISTENING"
+setup_FTL_ProcessDNSSettings
 
 # Web interface setup
 # ===========================
@@ -72,8 +69,8 @@ test_configs
 
 [ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot
 
-echo " ::: Docker start setup complete"
+echo "::: Docker start setup complete"
 
 pihole -v
 
-echo "  Container tag is: ${PIHOLE_DOCKER_TAG}"
+echo "  Container tag is: ${PIHOLE_DOCKER_TAG}"