make sure that setup_FTL_ProcessDNSSettings is the last thing called, else user set environment variables will be overridden when it sources setupVars.conf

Some additional tweaks

src/scripts/bash_functions.sh

@@ -1,4 +1,13 @@
 #!/bin/bash
+
+# If user has set QUERY_LOGGING Env Var, copy it out to _OVERRIDE,
+# else it will get overridden itself when we source basic-install.sh
+[ -n "${QUERY_LOGGING}" ] && export QUERY_LOGGING_OVERRIDE="${QUERY_LOGGING}"
+
+# Legacy Env Vars preserved for backwards compatibility - convert them to FTLCONF_ equivalents
+[ -n "${ServerIP}" ] && echo "ServerIP is deprecated. Converting to FTLCONF_REPLY_ADDR4" && export "FTLCONF_REPLY_ADDR4"="$ServerIP"
+[ -n "${ServerIPv6}" ] && echo "ServerIPv6 is deprecated. Converting to FTLCONF_REPLY_ADDR6" && export "FTLCONF_REPLY_ADDR6"="$ServerIPv6"
+
 # Some of the bash_functions use utilities from Pi-hole's utils.sh
 # shellcheck disable=SC2154
 # shellcheck source=/dev/null
@@ -356,28 +365,26 @@ load_web_password_secret() {
 
 setup_web_password() {
     if [ -z "${WEBPASSWORD+x}" ] ; then
-        # ENV WEBPASSWORD is not set
+        # ENV WEBPASSWORD_OVERRIDE is not set
 
         # Exit if setupvars already has a password
         setup_var_exists "WEBPASSWORD" && return
-
         # Generate new random password
         WEBPASSWORD=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8)
         echo "Assigning random password: $WEBPASSWORD"
     else
-        # ENV WEBPASSWORD is set an will be used
+        # ENV WEBPASSWORD_OVERRIDE is set and will be used
         echo "::: Assigning password defined by Environment Variable"
+        # WEBPASSWORD="$WEBPASSWORD"
     fi
 
-    PASS="$WEBPASSWORD"
-
     # Explicitly turn off bash printing when working with secrets
     { set +x; } 2>/dev/null
 
-    if [[ "$PASS" == "" ]] ; then
+    if [[ "$WEBPASSWORD" == "" ]] ; then
         echo "" | pihole -a -p
     else
-        pihole -a -p "$PASS" "$PASS"
+        pihole -a -p "$WEBPASSWORD" "$WEBPASSWORD"
     fi
 
     # To avoid printing this if conditional in bash debug, turn off  debug above..

src/scripts/start.sh

@@ -1,14 +1,5 @@
 #!/bin/bash -e
 
-# If user has set QUERY_LOGGING Env Var, copy it out to _OVERRIDE,
-# else it will get overridden when we source bash_functions.sh
-# (which then sources basic-install.sh)
-[ -n "${QUERY_LOGGING}" ] && export QUERY_LOGGING_OVERRIDE="${QUERY_LOGGING}"
-
-# Legacy Env Vars preserved for backwards compatibility - convert them to FTLCONF_ equivalents
-[ -n "${ServerIP}" ] && echo "ServerIP is deprecated. Converting to FTLCONF_REPLY_ADDR4" && export "FTLCONF_REPLY_ADDR4"="$ServerIP"
-[ -n "${ServerIPv6}" ] && echo "ServerIPv6 is deprecated. Converting to FTLCONF_REPLY_ADDR6" && export "FTLCONF_REPLY_ADDR6"="$ServerIPv6"
-
 # The below functions are all contained in bash_functions.sh
 # shellcheck source=/dev/null
 . /bash_functions.sh
@@ -30,21 +21,6 @@ echo " ::: Starting docker specific checks & setup for docker pihole/pihole"
 validate_env || exit 1
 ensure_basic_configuration
 
-# FTL setup
-# ===========================
-setup_FTL_upstream_DNS
-[[ -n "${DHCP_ACTIVE}" && ${DHCP_ACTIVE} == "true" ]] && echo "Setting DHCP server" && setup_FTL_dhcp
-apply_FTL_Configs_From_Env
-setup_FTL_User
-setup_FTL_Interface
-setup_FTL_CacheSize
-setup_FTL_query_logging
-setup_FTL_server || true
-[ -n "${DNS_FQDN_REQUIRED}" ] && change_setting "DNS_FQDN_REQUIRED" "$DNS_FQDN_REQUIRED"
-[ -n "${DNSSEC}" ] && change_setting "DNSSEC" "$DNSSEC"
-[ -n "${DNS_BOGUS_PRIV}" ] && change_setting "DNS_BOGUS_PRIV" "$DNS_BOGUS_PRIV"
-setup_FTL_ProcessDNSSettings
-
 # Web interface setup
 # ===========================
 setup_web_port
@@ -65,6 +41,22 @@ setup_lighttpd_bind
 setup_admin_email
 setup_blocklists
 
+# FTL setup
+# ===========================
+setup_FTL_upstream_DNS
+[[ -n "${DHCP_ACTIVE}" && ${DHCP_ACTIVE} == "true" ]] && echo "Setting DHCP server" && setup_FTL_dhcp
+apply_FTL_Configs_From_Env
+setup_FTL_User
+setup_FTL_Interface
+setup_FTL_CacheSize
+setup_FTL_query_logging
+setup_FTL_server || true
+[ -n "${DNS_FQDN_REQUIRED}" ] && change_setting "DNS_FQDN_REQUIRED" "$DNS_FQDN_REQUIRED"
+[ -n "${DNSSEC}" ] && change_setting "DNSSEC" "$DNSSEC"
+[ -n "${DNS_BOGUS_PRIV}" ] && change_setting "DNS_BOGUS_PRIV" "$DNS_BOGUS_PRIV"
+# The following must be called last! It will source setupVars.conf and override any env vars users pass in before they have been applied
+setup_FTL_ProcessDNSSettings
+
 test_configs
 
 [ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot

test/Dockerfile

@@ -13,14 +13,14 @@ RUN apt-get update && \
 RUN curl -L https://github.com/docker/compose/releases/download/1.25.5/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose && \
     chmod +x /usr/local/bin/docker-compose
 
-COPY ./Dockerfile.sh /usr/local/bin/
+COPY ./cmd.sh /usr/local/bin/
 COPY Pipfile* /root/
 WORKDIR /root
 
 RUN pipenv install --system \
     && sed -i 's|/bin/sh|/bin/bash|g' /usr/local/lib/python3.8/site-packages/testinfra/backend/docker.py
 
-RUN echo "set -ex && Dockerfile.sh && \$@" > /usr/local/bin/entrypoint.sh
+RUN echo "set -ex && cmd.sh && \$@" > /usr/local/bin/entrypoint.sh
 RUN chmod +x /usr/local/bin/entrypoint.sh
 ENTRYPOINT entrypoint.sh
-CMD Dockerfile.sh
+CMD cmd.sh

test/tests/test_bash_functions.py

@@ -5,9 +5,9 @@ import re
 
 SETUPVARS_LOC='/etc/pihole/setupVars.conf'
 DNSMASQ_CONFIG_LOC = '/etc/dnsmasq.d/01-pihole.conf'
-EVAL_SETUP_FTL_CACHESIZE='. ./bash_functions.sh ; eval `grep setup_FTL_CacheSize /start.sh`'
-EVAL_SETUP_FTL_INTERFACE='. ./bash_functions.sh ; eval `grep setup_FTL_Interface /start.sh`'
-EVAL_SETUP_WEB_PASSWORD='. ./bash_functions.sh ; eval `grep setup_web_password /start.sh`'
+CMD_SETUP_FTL_CACHESIZE='. bash_functions.sh ; setup_FTL_CacheSize'
+CMD_SETUP_FTL_INTERFACE='. bash_functions.sh ; setup_FTL_Interface'
+CMD_SETUP_WEB_PASSWORD='. bash_functions.sh ; setup_web_password'
 
 def _cat(file):
     return 'cat {}'.format(file)
@@ -76,7 +76,7 @@ def test_overrides_default_custom_cache_size(docker, slow, test_args, cache_size
 def test_bad_input_to_custom_cache_size(docker, slow, test_args):
     CONFIG_LINE = r'cache-size\s*=\s*10000'
 
-    docker.run(EVAL_SETUP_FTL_CACHESIZE)
+    docker.run(CMD_SETUP_FTL_CACHESIZE)
     slow(lambda: re.search(CONFIG_LINE, docker.run(_cat(DNSMASQ_CONFIG_LOC)).stdout) != None)
 
 @pytest.mark.parametrize('test_args', [
@@ -85,7 +85,7 @@ def test_bad_input_to_custom_cache_size(docker, slow, test_args):
 def test_dnssec_enabled_with_custom_cache_size(docker, slow, test_args):
     CONFIG_LINE = r'cache-size\s*=\s*10000'
 
-    docker.run(EVAL_SETUP_FTL_CACHESIZE)
+    docker.run(CMD_SETUP_FTL_CACHESIZE)
     slow(lambda: re.search(CONFIG_LINE, docker.run(_cat(DNSMASQ_CONFIG_LOC)).stdout) != None)
 
 
@@ -95,7 +95,7 @@ def test_dnssec_enabled_with_custom_cache_size(docker, slow, test_args):
 ])
 def test_dns_interface_override_defaults(docker, slow, args_env, expected_stdout, expected_config_line):
     ''' When INTERFACE environment var is passed in, overwrite dnsmasq interface '''
-    function = docker.run(EVAL_SETUP_FTL_INTERFACE)
+    function = docker.run(CMD_SETUP_FTL_INTERFACE)
     assert expected_stdout in function.stdout
     slow(lambda: expected_config_line + '\n' == docker.run('grep "^PIHOLE_INTERFACE" {}'.format(SETUPVARS_LOC)).stdout)
 
@@ -125,7 +125,7 @@ def test_debian_setup_php_env(docker, expected_lines, repeat_function):
 
 def test_webpassword_random_generation(docker):
     ''' When a user sets webPassword env the admin password gets set to that '''
-    function = docker.run(EVAL_SETUP_WEB_PASSWORD)
+    function = docker.run(CMD_SETUP_WEB_PASSWORD)
     assert 'assigning random password' in function.stdout.lower()
 
 
@@ -136,7 +136,7 @@ def test_webpassword_random_generation(docker):
 ])
 def test_webpassword_env_assigns_password_to_file_or_removes_if_empty(docker, args_env, secure, setupvars_hash):
     ''' When a user sets webPassword env the admin password gets set or removed if empty '''
-    function = docker.run(EVAL_SETUP_WEB_PASSWORD)
+    function = docker.run(CMD_SETUP_WEB_PASSWORD)
 
     if secure:
         assert 'new password set' in function.stdout.lower()
@@ -150,7 +150,7 @@ def test_webpassword_env_assigns_password_to_file_or_removes_if_empty(docker, ar
 @pytest.mark.parametrize('test_args', ['-e WEBPASSWORD=login', '-e WEBPASSWORD=""'])
 def test_env_always_updates_password(docker, args_env, test_args):
     '''When a user sets the WEBPASSWORD environment variable, ensure it always sets the password'''
-    function = docker.run(EVAL_SETUP_WEB_PASSWORD)
+    function = docker.run(CMD_SETUP_WEB_PASSWORD)
 
     assert '::: Assigning password defined by Environment Variable' in function.stdout
 
@@ -159,7 +159,7 @@ def test_env_always_updates_password(docker, args_env, test_args):
 def test_setupvars_trumps_random_password_if_set(docker, args_env, test_args):
     '''If a password is already set in setupvars, and no password is set in the environment variable, do not generate a random password'''
     docker.run('. /opt/pihole/utils.sh ; addOrEditKeyValPair {} WEBPASSWORD volumepass'.format(SETUPVARS_LOC))
-    function = docker.run(EVAL_SETUP_WEB_PASSWORD)
+    function = docker.run(CMD_SETUP_WEB_PASSWORD)
 
     assert 'Pre existing WEBPASSWORD found' in function.stdout
     assert docker.run(_grep('WEBPASSWORD=volumepass', SETUPVARS_LOC)).rc == 0