mirror of
https://github.com/pi-hole/docker-pi-hole.git
synced 2024-06-27 19:55:14 +02:00
Always use WEBPASSWORD env var if set
Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
parent
9f9010edaa
commit
f9d990145a
|
@ -6,12 +6,12 @@ fix_capabilities() {
|
||||||
# Testing on Docker 20.10.14 with no caps set shows the following caps available to the container:
|
# Testing on Docker 20.10.14 with no caps set shows the following caps available to the container:
|
||||||
# Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
|
# Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
|
||||||
# FTL can also use CAP_NET_ADMIN and CAP_SYS_NICE. If we try to set them when they haven't been explicitly enabled, FTL will not start. Test for them first:
|
# FTL can also use CAP_NET_ADMIN and CAP_SYS_NICE. If we try to set them when they haven't been explicitly enabled, FTL will not start. Test for them first:
|
||||||
|
|
||||||
/sbin/capsh --has-p=cap_chown && CAP_STR+=',CAP_CHOWN'
|
/sbin/capsh --has-p=cap_chown && CAP_STR+=',CAP_CHOWN'
|
||||||
/sbin/capsh --has-p=cap_net_bind_service && CAP_STR+=',CAP_NET_BIND_SERVICE'
|
/sbin/capsh --has-p=cap_net_bind_service && CAP_STR+=',CAP_NET_BIND_SERVICE'
|
||||||
/sbin/capsh --has-p=cap_net_raw && CAP_STR+=',CAP_NET_RAW'
|
/sbin/capsh --has-p=cap_net_raw && CAP_STR+=',CAP_NET_RAW'
|
||||||
/sbin/capsh --has-p=cap_net_admin && CAP_STR+=',CAP_NET_ADMIN' || DHCP_READY='false'
|
/sbin/capsh --has-p=cap_net_admin && CAP_STR+=',CAP_NET_ADMIN' || DHCP_READY='false'
|
||||||
/sbin/capsh --has-p=cap_sys_nice && CAP_STR+=',CAP_SYS_NICE'
|
/sbin/capsh --has-p=cap_sys_nice && CAP_STR+=',CAP_SYS_NICE'
|
||||||
|
|
||||||
if [[ ${CAP_STR} ]]; then
|
if [[ ${CAP_STR} ]]; then
|
||||||
# We have the (some of) the above caps available to us - apply them to pihole-FTL
|
# We have the (some of) the above caps available to us - apply them to pihole-FTL
|
||||||
|
@ -24,12 +24,12 @@ fix_capabilities() {
|
||||||
DHCP_ACTIVE='false'
|
DHCP_ACTIVE='false'
|
||||||
change_setting "DHCP_ACTIVE" "false"
|
change_setting "DHCP_ACTIVE" "false"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ $ret -ne 0 && "${DNSMASQ_USER:-pihole}" != "root" ]]; then
|
if [[ $ret -ne 0 && "${DNSMASQ_USER:-pihole}" != "root" ]]; then
|
||||||
echo "ERROR: Unable to set capabilities for pihole-FTL. Cannot run as non-root."
|
echo "ERROR: Unable to set capabilities for pihole-FTL. Cannot run as non-root."
|
||||||
echo " If you are seeing this error, please set the environment variable 'DNSMASQ_USER' to the value 'root'"
|
echo " If you are seeing this error, please set the environment variable 'DNSMASQ_USER' to the value 'root'"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "WARNING: Unable to set capabilities for pihole-FTL."
|
echo "WARNING: Unable to set capabilities for pihole-FTL."
|
||||||
echo " Please ensure that the container has the required capabilities."
|
echo " Please ensure that the container has the required capabilities."
|
||||||
|
@ -45,21 +45,21 @@ prepare_configs() {
|
||||||
LIGHTTPD_GROUP="www-data"
|
LIGHTTPD_GROUP="www-data"
|
||||||
LIGHTTPD_CFG="lighttpd.conf.debian"
|
LIGHTTPD_CFG="lighttpd.conf.debian"
|
||||||
installConfigs
|
installConfigs
|
||||||
|
|
||||||
if [ ! -f "${setupVars}" ]; then
|
if [ ! -f "${setupVars}" ]; then
|
||||||
install -m 644 /dev/null "${setupVars}"
|
install -m 644 /dev/null "${setupVars}"
|
||||||
echo "Creating empty ${setupVars} file."
|
echo "Creating empty ${setupVars} file."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
set +e
|
set +e
|
||||||
mkdir -p /var/run/pihole /var/log/pihole
|
mkdir -p /var/run/pihole /var/log/pihole
|
||||||
|
|
||||||
chown pihole:root /etc/lighttpd
|
chown pihole:root /etc/lighttpd
|
||||||
|
|
||||||
# In case of `pihole` UID being changed, re-chown the pihole scripts and pihole command
|
# In case of `pihole` UID being changed, re-chown the pihole scripts and pihole command
|
||||||
chown -R pihole:root "${PI_HOLE_INSTALL_DIR}"
|
chown -R pihole:root "${PI_HOLE_INSTALL_DIR}"
|
||||||
chown pihole:root "${PI_HOLE_BIN_DIR}/pihole"
|
chown pihole:root "${PI_HOLE_BIN_DIR}/pihole"
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
# Update version numbers
|
# Update version numbers
|
||||||
pihole updatechecker
|
pihole updatechecker
|
||||||
|
@ -279,9 +279,21 @@ generate_password() {
|
||||||
}
|
}
|
||||||
|
|
||||||
setup_web_password() {
|
setup_web_password() {
|
||||||
setup_var_exists "WEBPASSWORD" && return
|
if [ -z "${WEBPASSWORD+x}" ] ; then
|
||||||
|
# ENV WEBPASSWORD is not set
|
||||||
|
|
||||||
|
# Exit if setupvars already has a password
|
||||||
|
setup_var_exists "WEBPASSWORD" && return
|
||||||
|
|
||||||
|
# Generate new password
|
||||||
|
generate_password
|
||||||
|
else
|
||||||
|
# ENV WEBPASSWORD is set an will be used
|
||||||
|
echo "Assigning password defined by Environment Variable"
|
||||||
|
fi
|
||||||
|
|
||||||
|
PASS="$WEBPASSWORD"
|
||||||
|
|
||||||
PASS="$1"
|
|
||||||
# Explicitly turn off bash printing when working with secrets
|
# Explicitly turn off bash printing when working with secrets
|
||||||
{ set +x; } 2>/dev/null
|
{ set +x; } 2>/dev/null
|
||||||
|
|
||||||
|
|
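Review bot: In the new `setup_web_password` body the secret is copied before tracing is switched off: `PASS="$WEBPASSWORD"` runs ahead of `{ set +x; } 2>/dev/null`, so when xtrace is enabled the assignment, with the password expanded, is written to the container log. Making `{ set +x; } 2>/dev/null` the first statement of the function would cover the assignment and the `generate_password` call as well. Separately, `[ -z "${WEBPASSWORD+x}" ]` treats `WEBPASSWORD=""` as set, so an empty value is copied into `PASS`; what the rest of the function does with it lies outside the hunk, and a comment such as `# An empty WEBPASSWORD counts as set and is used as-is` would make the intent explicit. The new comment `is set an will be used` should read `and`.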
4
start.sh
4
start.sh
|
@ -39,6 +39,7 @@ export PIHOLE_DOMAIN
|
||||||
export DHCP_IPv6
|
export DHCP_IPv6
|
||||||
export DHCP_rapid_commit
|
export DHCP_rapid_commit
|
||||||
export WEBTHEME
|
export WEBTHEME
|
||||||
|
export WEBPASSWORD
|
||||||
export CUSTOM_CACHE_SIZE
|
export CUSTOM_CACHE_SIZE
|
||||||
|
|
||||||
export adlistFile='/etc/pihole/adlists.list'
|
export adlistFile='/etc/pihole/adlists.list'
|
||||||
|
@ -67,7 +68,6 @@ echo " ::: Starting docker specific checks & setup for docker pihole/pihole"
|
||||||
|
|
||||||
fix_capabilities
|
fix_capabilities
|
||||||
load_web_password_secret
|
load_web_password_secret
|
||||||
generate_password
|
|
||||||
validate_env || exit 1
|
validate_env || exit 1
|
||||||
prepare_configs
|
prepare_configs
|
||||||
|
|
||||||
|
@ -185,7 +185,7 @@ fi
|
||||||
[[ -n "${DHCP_ACTIVE}" && ${DHCP_ACTIVE} == "true" ]] && echo "Setting DHCP server" && setup_dhcp
|
[[ -n "${DHCP_ACTIVE}" && ${DHCP_ACTIVE} == "true" ]] && echo "Setting DHCP server" && setup_dhcp
|
||||||
|
|
||||||
setup_web_port "$WEB_PORT"
|
setup_web_port "$WEB_PORT"
|
||||||
setup_web_password "$WEBPASSWORD"
|
setup_web_password
|
||||||
setup_temp_unit "$TEMPERATUREUNIT"
|
setup_temp_unit "$TEMPERATUREUNIT"
|
||||||
setup_ui_layout "$WEBUIBOXEDLAYOUT"
|
setup_ui_layout "$WEBUIBOXEDLAYOUT"
|
||||||
setup_admin_email "$ADMIN_EMAIL"
|
setup_admin_email "$ADMIN_EMAIL"
|
||||||
|
|
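Review bot: The added `export WEBPASSWORD` gives the variable the export attribute before `load_web_password_secret` runs, so a password that function reads from a secret file (inferred from its name; its body is not shown) would be placed in the environment of every child process started afterwards, which weakens the point of a file-based secret. If `setup_web_password` runs in the same shell as start.sh, the export looks unnecessary and the line could be dropped. If it is needed, clearing the attribute right after the call with `export -n WEBPASSWORD` would limit the exposure. With `generate_password` removed from the start-up sequence, `validate_env` now runs before any password is generated, so it is worth confirming that it does not read `WEBPASSWORD`.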