From f9d990145a9b52fab61ff80b40182f3e94d724fe Mon Sep 17 00:00:00 2001 From: RD WebDesign Date: Mon, 30 May 2022 03:00:16 -0300 Subject: [PATCH] Always use WEBPASSWORD env var if set Signed-off-by: RD WebDesign --- bash_functions.sh | 34 +++++++++++++++++++++++----------- start.sh | 4 ++-- 2 files changed, 25 insertions(+), 13 deletions(-) diff --git a/bash_functions.sh b/bash_functions.sh index 38264ee..a2791a7 100644 --- a/bash_functions.sh +++ b/bash_functions.sh @@ -6,12 +6,12 @@ fix_capabilities() { # Testing on Docker 20.10.14 with no caps set shows the following caps available to the container: # Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep # FTL can also use CAP_NET_ADMIN and CAP_SYS_NICE. If we try to set them when they haven't been explicitly enabled, FTL will not start. Test for them first: - + /sbin/capsh --has-p=cap_chown && CAP_STR+=',CAP_CHOWN' /sbin/capsh --has-p=cap_net_bind_service && CAP_STR+=',CAP_NET_BIND_SERVICE' /sbin/capsh --has-p=cap_net_raw && CAP_STR+=',CAP_NET_RAW' /sbin/capsh --has-p=cap_net_admin && CAP_STR+=',CAP_NET_ADMIN' || DHCP_READY='false' - /sbin/capsh --has-p=cap_sys_nice && CAP_STR+=',CAP_SYS_NICE' + /sbin/capsh --has-p=cap_sys_nice && CAP_STR+=',CAP_SYS_NICE' if [[ ${CAP_STR} ]]; then # We have the (some of) the above caps available to us - apply them to pihole-FTL @@ -24,12 +24,12 @@ fix_capabilities() { DHCP_ACTIVE='false' change_setting "DHCP_ACTIVE" "false" fi - + if [[ $ret -ne 0 && "${DNSMASQ_USER:-pihole}" != "root" ]]; then echo "ERROR: Unable to set capabilities for pihole-FTL. Cannot run as non-root." echo " If you are seeing this error, please set the environment variable 'DNSMASQ_USER' to the value 'root'" exit 1 - fi + fi else echo "WARNING: Unable to set capabilities for pihole-FTL." echo " Please ensure that the container has the required capabilities." @@ -45,21 +45,21 @@ prepare_configs() { LIGHTTPD_GROUP="www-data" LIGHTTPD_CFG="lighttpd.conf.debian" installConfigs - + if [ ! -f "${setupVars}" ]; then install -m 644 /dev/null "${setupVars}" echo "Creating empty ${setupVars} file." fi - + set +e mkdir -p /var/run/pihole /var/log/pihole - + chown pihole:root /etc/lighttpd - + # In case of `pihole` UID being changed, re-chown the pihole scripts and pihole command chown -R pihole:root "${PI_HOLE_INSTALL_DIR}" chown pihole:root "${PI_HOLE_BIN_DIR}/pihole" - + set -e # Update version numbers pihole updatechecker @@ -279,9 +279,21 @@ generate_password() { } setup_web_password() { - setup_var_exists "WEBPASSWORD" && return + if [ -z "${WEBPASSWORD+x}" ] ; then + # ENV WEBPASSWORD is not set + + # Exit if setupvars already has a password + setup_var_exists "WEBPASSWORD" && return + + # Generate new password + generate_password + else + # ENV WEBPASSWORD is set an will be used + echo "Assigning password defined by Environment Variable" + fi + + PASS="$WEBPASSWORD" - PASS="$1" # Explicitly turn off bash printing when working with secrets { set +x; } 2>/dev/null diff --git a/start.sh b/start.sh index 90ef9c3..8994d39 100755 --- a/start.sh +++ b/start.sh @@ -39,6 +39,7 @@ export PIHOLE_DOMAIN export DHCP_IPv6 export DHCP_rapid_commit export WEBTHEME +export WEBPASSWORD export CUSTOM_CACHE_SIZE export adlistFile='/etc/pihole/adlists.list' @@ -67,7 +68,6 @@ echo " ::: Starting docker specific checks & setup for docker pihole/pihole" fix_capabilities load_web_password_secret -generate_password validate_env || exit 1 prepare_configs @@ -185,7 +185,7 @@ fi [[ -n "${DHCP_ACTIVE}" && ${DHCP_ACTIVE} == "true" ]] && echo "Setting DHCP server" && setup_dhcp setup_web_port "$WEB_PORT" -setup_web_password "$WEBPASSWORD" +setup_web_password setup_temp_unit "$TEMPERATUREUNIT" setup_ui_layout "$WEBUIBOXEDLAYOUT" setup_admin_email "$ADMIN_EMAIL"