From a1a03d2d07f069ac4a5b4f9e352b07e2600d7465 Mon Sep 17 00:00:00 2001
From: Nathan Angelacos
Date: Sat, 16 Mar 2019 13:45:59 -0400
Subject: pi-hole ftl - (dnsmasq with dns rbl additions)

---
 pi-hole-ftl/0001-musl-poll-h.patch | 13 +++
 pi-hole-ftl/0002-musl-no-backtrace.patch | 38 ++++++++
 pi-hole-ftl/APKBUILD | 59 +++++++++++++
 pi-hole-ftl/pi-hole-ftl-dnssec.pre-install | 1 +
 pi-hole-ftl/pi-hole-ftl-dnssec.pre-upgrade | 1 +
 pi-hole-ftl/pi-hole-ftl.pre-install | 6 ++
 pi-hole-ftl/pi-hole-ftl.pre-upgrade | 1 +
 pi-hole-ftl/pihole-FTL.confd | 4 +
 pi-hole-ftl/pihole-FTL.initd | 134 +++++++++++++++++++++++++++++
 9 files changed, 257 insertions(+)
 create mode 100644 pi-hole-ftl/0001-musl-poll-h.patch
 create mode 100644 pi-hole-ftl/0002-musl-no-backtrace.patch
 create mode 100644 pi-hole-ftl/APKBUILD
 create mode 120000 pi-hole-ftl/pi-hole-ftl-dnssec.pre-install
 create mode 120000 pi-hole-ftl/pi-hole-ftl-dnssec.pre-upgrade
 create mode 100644 pi-hole-ftl/pi-hole-ftl.pre-install
 create mode 120000 pi-hole-ftl/pi-hole-ftl.pre-upgrade
 create mode 100644 pi-hole-ftl/pihole-FTL.confd
 create mode 100644 pi-hole-ftl/pihole-FTL.initd

diff --git a/pi-hole-ftl/0001-musl-poll-h.patch b/pi-hole-ftl/0001-musl-poll-h.patch
new file mode 100644
index 0000000..e2bc98d
--- /dev/null
+++ b/pi-hole-ftl/0001-musl-poll-h.patch
@@ -0,0 +1,13 @@
+diff --git a/dnsmasq/dnsmasq.h b/dnsmasq/dnsmasq.h
+index 9321279..51a71c5 100644
+--- a/dnsmasq/dnsmasq.h
++++ b/dnsmasq/dnsmasq.h
+@@ -95,7 +95,7 @@ typedef unsigned long long u64;
+ #if defined(HAVE_SOLARIS_NETWORK)
+ # include
+ #endif
+-#include
++#include
+ #include
+ #include
+ #include
diff --git a/pi-hole-ftl/0002-musl-no-backtrace.patch b/pi-hole-ftl/0002-musl-no-backtrace.patch
new file mode 100644
index 0000000..b5e8795
--- /dev/null
+++ b/pi-hole-ftl/0002-musl-no-backtrace.patch
@@ -0,0 +1,38 @@
+diff --git a/signals.c b/signals.c
+index 8691092..7823718 100644
+--- a/signals.c
++++ b/signals.c
+@@ -9,7 +9,6 @@
+ * Please see LICENSE file for your rights under this license. */
+
+ #include "FTL.h"
+-#include
+
+ volatile sig_atomic_t killed = 0;
+ time_t FTLstarttime = 0;
+@@ -40,25 +39,6 @@ static void SIGSEGV_handler(int sig, siginfo_t *si, void *unused)
+ default: logg(" with code: Unknown (%i), ",si->si_code); break;
+ }
+
+- // Try to obtain backtrace. This may not always be helpful, but it is better than nothing
+- void *buffer[255];
+- const int calls = backtrace(buffer, sizeof(buffer)/sizeof(void *));
+- char ** bcktrace = backtrace_symbols(buffer, calls);
+- if(bcktrace == NULL)
+- {
+- logg("Unable to obtain backtrace (%i)!",calls);
+- }
+- else
+- {
+- logg("Backtrace:");
+- int j;
+- for (j = 0; j < calls; j++)
+- {
+- logg("B[%04i]: %s",j,bcktrace[j]);
+- }
+- }
+- free(bcktrace);
+-
+ logg("Thank you for helping us to improve our FTL engine!");
+
+ // Print message and abort
diff --git a/pi-hole-ftl/APKBUILD b/pi-hole-ftl/APKBUILD
new file mode 100644
index 0000000..d2fafdd
--- /dev/null
+++ b/pi-hole-ftl/APKBUILD
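Review bot: 0002-musl-no-backtrace.patch carries no header comment saying why the backtrace block and its include are dropped, so a later maintainer cannot tell whether the patch is still needed; a first line such as `musl has no backtrace()/backtrace_symbols(); drop the crash backtrace from SIGSEGV_handler` would do (the removed header name is not visible on this page, so the reason is inferred from the patch file name). With the block gone, a crash of this network-facing daemon leaves only the signal code in the log, so the same comment should say that crash triage on this build needs a core dump instead. SIGSEGV_handler continues outside the nested hunk.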
@@ -0,0 +1,59 @@
+# Maintainer: Nathan Angelacos
+#
+#
+pkgname=pi-hole-ftl
+pkgver=4.2.1
+pkgrel=0
+pkgdesc="pi-hole version of dnsmasq with DNS blackholeing"
+url="https://pi-hole.net/"
+arch="all"
+license="EUPL-1.2"
+depends="!$pkgname-dnssec dnsmasq"
+makedepends="linux-headers nettle-dev"
+install="$pkgname.pre-install $pkgname.pre-upgrade
+ $pkgname-dnssec.pre-install $pkgname-dnssec.pre-upgrade"
+subpackages="$pkgname-dnssec"
+_project="pi-hole"
+_subproject="FTL"
+
+source="$pkgname-$pkgver.tar.gz::https://github.com/$_project/$_subproject/archive/v${pkgver}.tar.gz
+ 0001-musl-poll-h.patch
+ 0002-musl-no-backtrace.patch
+ "
+builddir="$srcdir/$_subproject-$pkgver"
+
+build() {
+ cd "$builddir"
+
+ make CFLAGS="$CFLAGS" COPTS="-DHAVE_DNSSEC" all
+ mv pihole-FTL pihole-FTL~dnssec
+
+ rm obj/*
+ make CFLAGS="$CFLAGS" clean all
+}
+
+# pihole-FTL doesn't provide any test suite (shame on them!), so just check that
+# the binary isn't totally broken...
+check() {
+ cd "$builddir"
+ ./pihole-FTL --help >/dev/null
+}
+
+package() {
+ cd "$builddir"
+
+ install -D -m 755 pihole-FTL "$pkgdir"/usr/sbin/pihole-FTL
+}
+
+dnssec() {
+ pkgdesc="$pkgdesc with DNSSEC support"
+ depends="!$pkgname dnsmasq-dnssec"
+
+ cd "$builddir"
+
+ install -D -m 755 pihole-FTL~dnssec "$subpkgdir"/usr/sbin/pihole-FTL
+}
+
+sha512sums="08c624765ea5c7b42adedf1dfaa3c6424094830a72dcf796561833b1e9762a39b83acf15c1c7fb4c504989f2af51543b7abb9cb8dbe1bb35d315e7bc57ebbee0 pi-hole-ftl-4.2.1.tar.gz
+46db050171af01458832043dd0e6c670f94111afc4d8ddd228a0f72541f579c023b59dddcb3109305c233814e1891d748beca3b46253934b9a49ace078e10b4f 0001-musl-poll-h.patch
+ce690aa39ce3e81ebd2ccd77368dc0f6cddb9d679c66ca8ccee0d3a415a1de6d57fe0b2dc36e416f433d3208c362667d8f3e72b23272ddb2f860a469a36112bc 0002-musl-no-backtrace.patch"
diff --git a/pi-hole-ftl/pi-hole-ftl-dnssec.pre-install b/pi-hole-ftl/pi-hole-ftl-dnssec.pre-install
new file mode 120000
index 0000000..faa2f00
--- /dev/null
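Review bot: `source=` in the APKBUILD lists only the tarball and the two musl patches, and package() installs only the binary, so the pihole-FTL.initd and pihole-FTL.confd files added by this same commit are neither covered by `sha512sums` nor shipped in the package. If they are meant to be installed, add both names to `source=`, regenerate the checksums, and install them in package() with `install -D -m 755 "$srcdir"/pihole-FTL.initd "$pkgdir"/etc/init.d/pihole-FTL` plus the matching `-m 644` line for `/etc/conf.d/pihole-FTL`. The dnssec() subpackage conflicts with the main package (`depends="!$pkgname ..."`), so it would need the same two files under `"$subpkgdir"`.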
+++ b/pi-hole-ftl/pi-hole-ftl-dnssec.pre-install
@@ -0,0 +1 @@
+pi-hole-ftl.pre-install
\ No newline at end of file
diff --git a/pi-hole-ftl/pi-hole-ftl-dnssec.pre-upgrade b/pi-hole-ftl/pi-hole-ftl-dnssec.pre-upgrade
new file mode 120000
index 0000000..faa2f00
--- /dev/null
+++ b/pi-hole-ftl/pi-hole-ftl-dnssec.pre-upgrade
@@ -0,0 +1 @@
+pi-hole-ftl.pre-install
\ No newline at end of file
diff --git a/pi-hole-ftl/pi-hole-ftl.pre-install b/pi-hole-ftl/pi-hole-ftl.pre-install
new file mode 100644
index 0000000..708c15b
--- /dev/null
+++ b/pi-hole-ftl/pi-hole-ftl.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S dnsmasq 2>/dev/null
+adduser -S -D -H -h /dev/null -s /sbin/nologin -G dnsmasq -g dnsmasq dnsmasq 2>/dev/null
+
+exit 0
diff --git a/pi-hole-ftl/pi-hole-ftl.pre-upgrade b/pi-hole-ftl/pi-hole-ftl.pre-upgrade
new file mode 120000
index 0000000..faa2f00
--- /dev/null
+++ b/pi-hole-ftl/pi-hole-ftl.pre-upgrade
@@ -0,0 +1 @@
+pi-hole-ftl.pre-install
\ No newline at end of file
diff --git a/pi-hole-ftl/pihole-FTL.confd b/pi-hole-ftl/pihole-FTL.confd
new file mode 100644
index 0000000..0e94463
--- /dev/null
+++ b/pi-hole-ftl/pihole-FTL.confd
@@ -0,0 +1,4 @@
+# /etc/conf.d/dnsmasq: config file for /etc/init.d/dnsmasq
+
+# See the dnsmasq(8) man page for possible options to put here.
+DNSMASQ_OPTS="--user=dnsmasq --group=dnsmasq"
diff --git a/pi-hole-ftl/pihole-FTL.initd b/pi-hole-ftl/pihole-FTL.initd
new file mode 100644
index 0000000..c7e753f
--- /dev/null
+++ b/pi-hole-ftl/pihole-FTL.initd
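Review bot: The header comment in pihole-FTL.confd still names `/etc/conf.d/dnsmasq` and `/etc/init.d/dnsmasq`; OpenRC reads conf.d by service name, so for this file it should read `# /etc/conf.d/pihole-FTL: config file for /etc/init.d/pihole-FTL`. A one-line comment above `DNSMASQ_OPTS` should also say that this variable is where the init script gets its `--user=dnsmasq --group=dnsmasq` privilege drop, so that an administrator who overrides it keeps those two options.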
@@ -0,0 +1,134 @@
+#!/sbin/openrc-run
+
+description="A lightweight DNS, DHCP, RA, TFTP and PXE server"
+
+extra_commands="checkconfig"
+description_checkconfig="Check configuration syntax"
+
+extra_started_commands="reload"
+description_reload="Clear cache and reload hosts files"
+
+: ${DNSMASQ_CONFFILE:=/etc/dnsmasq.conf}
+
+command="/usr/sbin/dnsmasq"
+# Tell dnsmasq to not create pidfile, that's responsibility of init system.
+command_args="-k --pid-file= $DNSMASQ_OPTS --conf-file=$DNSMASQ_CONFFILE"
+command_background="yes"
+pidfile="/run/${RC_SVCNAME}.pid"
+leasefile=/var/lib/misc/$RC_SVCNAME.leases
+
+if [ "${RC_SVCNAME#*.}" != "$RC_SVCNAME" ]; then
+ BRIDGE="${RC_SVCNAME#*.}"
+ : ${BRIDGE_ADDR:="10.0.3.1"}
+ : ${BRIDGE_NETMASK:="255.255.255.0"}
+ : ${BRIDGE_NETWORK:="10.0.3.0/24"}
+ : ${BRIDGE_DHCP_RANGE:="10.0.3.2,10.0.3.254"}
+ : ${BRIDGE_DHCP_MAX:="253"}
+ : ${BRIDGE_MAC:="00:16:3e:00:00:00" }
+ : ${DNSMASQ_LISTEN_BRIDGE_ADDR:=yes}
+fi
+.
+
+depend() {
+ provide dns
+ need localmount net
+ after bootmisc
+ use logger
+}
+
+setup_firewall() {
+ local ins=$1 add=$2
+ iptables -w $ins INPUT -i ${BRIDGE} -p udp --dport 67 -j ACCEPT
+ iptables -w $ins INPUT -i ${BRIDGE} -p tcp --dport 67 -j ACCEPT
+ iptables -w $ins INPUT -i ${BRIDGE} -p udp --dport 53 -j ACCEPT
+ iptables -w $ins INPUT -i ${BRIDGE} -p tcp --dport 53 -j ACCEPT
+ iptables -w $ins FORWARD -i ${BRIDGE} -j ACCEPT
+ iptables -w $ins FORWARD -o ${BRIDGE} -j ACCEPT
+ iptables -w -t nat $add POSTROUTING -s ${BRIDGE_NETWORK} ! -d ${BRIDGE_NETWORK} -j MASQUERADE
+ iptables -w -t mangle $add POSTROUTING -o ${BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+}
+
+setup_bridge() {
+ if ! [ -d /sys/class/net/$BRIDGE ]; then
+ ip link add dev $BRIDGE type bridge
+ fi
+
+ ip link set dev $BRIDGE address ${BRIDGE_MAC} && \
+ for ADDR in $BRIDGE_ADDR $BRIDGE_ADDR_EXTRA; do
+ case "$ADDR" in
+ */*) ip addr add ${ADDR} dev $BRIDGE;;
+ *) ip addr add ${ADDR}/${BRIDGE_NETMASK} dev $BRIDGE;;
+ esac
+ done && ip link set dev $BRIDGE up
+
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+ echo 0 > /proc/sys/net/ipv6/conf/${BRIDGE}/accept_dad || true
+
+ if [ -n "$BRIDGE_IPV6_ADDR" ] && [ -n "$BRIDGE_IPV6_MASK" ] && [ "$BRIDGE_IPV6_NETWORK" ]; then
+ echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
+ echo 0 > /proc/sys/net/ipv6/conf/${BRIDGE}/autoconf
+ ip -6 addr add dev ${BRIDGE} ${BRIDGE_IPV6_ADDR}/${BRIDGE_IPV6_MASK}
+ if [ "$BRIDGE_IPV6_NAT" = "true" ]; then
+ ip6tables -w -t nat -A POSTROUTING -s ${BRIDGE_IPV6_NETWORK} ! -d ${BRIDGE_IPV6_NETWORK} -j MASQUERADE
+ fi
+ command_args="$command_args --dhcp-range=${BRIDGE_IPV6_ADDR},ra-only --listen-address ${BRIDGE_IPV6_ADDR}"
+ fi
+
+}
+
+start_pre() {
+ $command --test --conf-file=$DNSMASQ_CONFFILE >/dev/null 2>&1 \
+ || $command --test || return 1
+ checkpath -m 0644 -o dnsmasq:dnsmasq -f $leasefile || return 1
+
+ if [ -n "$DNSMASQ_CONFFILE" ]; then
+ command_args="$command_args --conf-file=$DNSMASQ_CONFFILE"
+ fi
+ if [ -z "$BRIDGE" ]; then
+ return 0
+ fi
+
+ setup_bridge
+ if [ -z "$DISABLE_IPTABLES" ]; then
+ setup_firewall -I -A
+ fi
+ if yesno "$DNSMASQ_LISTEN_BRIDGE_ADDR"; then
+ local addr
+ for addr in $BRIDGE_ADDR; do
+ command_args="$command_args --listen-address ${addr%/*}"
+ done
+ fi
+ command_args="$command_args --strict-order --bind-interfaces --except-interface=lo --interface=$BRIDGE --dhcp-range $BRIDGE_DHCP_RANGE --dhcp-lease-max=$BRIDGE_DHCP_MAX --dhcp-no-override --dhcp-leasefile=$leasefile --dhcp-authoritative"
+}
+
+stop_post() {
+ if [ -n "$BRIDGE" ]; then
+ local addr
+ for addr in $BRIDGE_ADDR $BRIDGE_ADDR_EXTRA; do
+ case "$addr" in
+ */*) ip addr del $addr dev $BRIDGE;;
+ *) ip addr del $addr/${BRIDGE_NETMASK} dev $BRIDGE;;
+ esac
+ done
+ ip link set dev $BRIDGE down
+ if [ -z "$DISABLE_IPTABLES" ]; then
+ setup_firewall -D -D
+ fi
+ # dont destroy if there are attached interfaces
+ ls /sys/class/net/${BRIDGE}/brif/* > /dev/null 2>&1 || ip link delete ${BRIDGE}
+ fi
+}
+
+reload() {
+ ebegin "Reloading $RC_SVCNAME"
+ $command --test --conf-file=$DNSMASQ_CONFFILE >/dev/null 2>&1 \
+ || $command --test || return 1
+ start-stop-daemon --signal HUP --pidfile "$pidfile"
+ eend $?
+}
+
+checkconfig() {
+ ebegin "Checking $RC_SVCNAME configuration"
+ $command --test --conf-file=$DNSMASQ_CONFFILE
+ eend $?
+}
-- 
cgit v1.2.3
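Review bot: `command="/usr/sbin/dnsmasq"` near the top of pihole-FTL.initd makes this service launch the stock dnsmasq binary rather than the `/usr/sbin/pihole-FTL` that the APKBUILD's package() installs, so the blocklist-enabled resolver is never the one started; the line should presumably read `command="/usr/sbin/pihole-FTL"`, with the description updated to match. The lone `.` after the `fi` that closes the bridge defaults is a dot builtin with no file operand and looks like a stray character to delete. In bridge mode, setup_bridge() writes 1 to `/proc/sys/net/ipv4/ip_forward` and appends an `ip6tables ... MASQUERADE` rule, but stop_post() only calls `setup_firewall -D -D`, so the IPv6 NAT rule and the forwarding sysctls outlive the service and the rule is appended again on every start; stop_post() should remove it with the matching `ip6tables -w -t nat -D POSTROUTING -s ${BRIDGE_IPV6_NETWORK} ! -d ${BRIDGE_IPV6_NETWORK} -j MASQUERADE`. start_pre() also appends `--conf-file=$DNSMASQ_CONFFILE` to a command_args that already contains it.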