Merge pull request #1102 from pi-hole/dev

Merge Dev->master for new tag

.github/workflows/test-and-build.yaml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     env:
       ARCH: amd64
-      DEBIAN_VERSION: buster
+      DEBIAN_VERSION: bullseye
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v3
@@ -40,14 +40,14 @@ jobs:
           ref: dev
       -
         name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
       -
         name: Docker meta
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           images: |
@@ -61,20 +61,20 @@ jobs:
             type=ref,event=tag
       -
         name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USER }}
           password: ${{ secrets.DOCKERHUB_PASS }}
       -
         name: Login to GitHub Container Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       -
         name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           context: .
           platforms: linux/amd64, linux/arm64, linux/386, linux/arm/v7, linux/arm/v6

Dockerfile.py

@@ -48,7 +48,7 @@ def run_and_stream_command_output(command, environment_vars, verbose) -> bool:
                 print(line, end='')
     build_result.wait()
     if build_result.returncode != 0:
-        print("     ::: Error running".format(command))
+        print(f'     ::: Error running: {command}')
         print(build_result.stderr)
     return build_result.returncode == 0
 

Dockerfile.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 # @param ${ARCH}             The architecture to build. Example: amd64
-# @param ${DEBIAN_VERSION}   The debian version to build. Example: buster
+# @param ${DEBIAN_VERSION}   The debian version to build. Example: bullseye
 # @param ${ARCH_IMAGE}       What the Docker Hub Image should be tagged as [default: None]
 
 set -eux

Dockerfile_build

@@ -1,4 +1,4 @@
-FROM python:3.8-buster
+FROM python:3.8-bullseye
 
 # Only works for docker CLIENT (bind mounted socket)
 COPY --from=docker:18.09.3 /usr/local/bin/docker /usr/local/bin/

README.md

@@ -13,7 +13,7 @@
 
   The first recommendation is to upgrade your host OS, which will include a more up to date (and fixed) version of `libseccomp`. 
 
-  _If you absolutely cannot do this, some users [have reported](https://github.com/pi-hole/docker-pi-hole/issues/1042#issuecomment-1086728157) success in updating `libseccomp2` via backports on debian, or similar via updates on Ubuntu. You can try this workaround at your own risk_  
+  _If you absolutely cannot do this, some users [have reported](https://github.com/pi-hole/docker-pi-hole/issues/1042#issuecomment-1086728157) success in updating `libseccomp2` via backports on debian, or similar via updates on Ubuntu. You can try this workaround at your own risk_  (Note, you may also find that you need the latest `docker.io` (more details [here](https://blog.samcater.com/fix-workaround-rpi4-docker-libseccomp2-docker-20/))
 
 - Some users [have reported issues](https://github.com/pi-hole/docker-pi-hole/issues/963#issuecomment-1095602502) with using the `--privileged` flag on `2022.04` and above. TL;DR, don't use that that mode, and be [explicit with the permitted caps](https://github.com/pi-hole/docker-pi-hole#note-on-capabilities) (if needed) instead
 
@@ -222,23 +222,16 @@ Users of older Ubuntu releases (circa 17.04) will need to disable dnsmasq.
 
 ## Docker tags and versioning
 
-The primary docker tags / versions are explained in the following table.  [Click here to see the full list of tags](https://store.docker.com/community/images/pihole/pihole/tags), I also try to tag with the specific version of Pi-hole Core for version archival purposes, the web version that comes with the core releases should be in the [GitHub Release notes](https://github.com/pi-hole/docker-pi-hole/releases).
+The primary docker tags are explained in the following table.  [Click here to see the full list of tags](https://store.docker.com/community/images/pihole/pihole/tags). See [GitHub Release notes](https://github.com/pi-hole/docker-pi-hole/releases) to see the specific version of Pi-hole Core, Web, and FTL included in the release.
 
-| tag                     | architecture | description                                                             | Dockerfile |
-| ---                     | ------------ | -----------                                                             | ---------- |
-| `latest`                | auto detect  | x86, arm, or arm64 container, docker auto detects your architecture.    | [Dockerfile](https://github.com/pi-hole/docker-pi-hole/blob/master/Dockerfile) |
-| `v5.0`                  | auto detect  | Versioned tags, if you want to pin against a specific Pi-hole version, use one of these |  |
-| `v5.0-buster`           | auto detect  | Versioned tags, if you want to pin against a specific Pi-hole and Debian version, use one of these |  |
-| `v5.0-<arch>-buster `   | based on tag | Specific architectures and Debian version tags | |
-| `dev`                   | auto detect  | like latest tag, but for the development branch (pushed occasionally)   | |
-| `beta-*`                | auto detect  | Early beta releases of upcoming versions - here be dragons              | |
-| `nightly`               | auto detect  | Like `dev` but pushed every night and pulls from the latest `development` branches of the core Pi-hole components (Pi-hole, AdminLTE, FTL)  | |
-
-### `pihole/pihole:latest` [![](https://images.microbadger.com/badges/image/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own image badge on microbadger.com") [![](https://images.microbadger.com/badges/version/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/version/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own version badge on microbadger.com")
-
-This version of the docker aims to be as close to a standard Pi-hole installation by using the recommended base OS and the exact configs and scripts (minimally modified to get them working).  This enables fast updating when an update comes from Pi-hole.
-
-https://hub.docker.com/r/pihole/pihole/tags/
+| tag                 | description                                                                                                                                
+|---------------------|--------------------------------------------------------------------------------------------------------------------------------------------|
+| `latest`            | Always latest release                                                                                                                      |
+| `2022.04`           | Date-based release that can receive bugfix updates                                                                                         |
+| `2022.04.1`         | A specific image that will not receive updates                                                                                             |
+| `dev`               | Similar to `latest`, but for the development branch (pushed occasionally)                                                                  |
+| `*beta`             | Early beta releases of upcoming versions - here be dragons                                                                                 |
+| `nightly`           | Like `dev` but pushed every night and pulls from the latest `development` branches of the core Pi-hole components (Pi-hole, AdminLTE, FTL) |
 
 ## Upgrading, Persistence, and Customizations
 

bash_functions.sh

@@ -7,11 +7,11 @@ fix_capabilities() {
     # Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
     # FTL can also use CAP_NET_ADMIN and CAP_SYS_NICE. If we try to set them when they haven't been explicitly enabled, FTL will not start. Test for them first:
 
-    /sbin/capsh '==' --print | grep "Current:" | grep -q cap_chown && CAP_STR+=',CAP_CHOWN'
-    /sbin/capsh '==' --print | grep "Current:" | grep -q cap_net_bind_service && CAP_STR+=',CAP_NET_BIND_SERVICE'
-    /sbin/capsh '==' --print | grep "Current:" | grep -q cap_net_raw && CAP_STR+=',CAP_NET_RAW'
-    /sbin/capsh '==' --print | grep "Current:" | grep -q cap_net_admin && CAP_STR+=',CAP_NET_ADMIN' || DHCP_READY='false'
-    /sbin/capsh '==' --print | grep "Current:" | grep -q cap_sys_nice && CAP_STR+=',CAP_SYS_NICE'    
+    /sbin/capsh --has-p=cap_chown && CAP_STR+=',CAP_CHOWN'
+    /sbin/capsh --has-p=cap_net_bind_service && CAP_STR+=',CAP_NET_BIND_SERVICE'
+    /sbin/capsh --has-p=cap_net_raw && CAP_STR+=',CAP_NET_RAW'
+    /sbin/capsh --has-p=cap_net_admin && CAP_STR+=',CAP_NET_ADMIN' || DHCP_READY='false'
+    /sbin/capsh --has-p=cap_sys_nice && CAP_STR+=',CAP_SYS_NICE'    
 
     if [[ ${CAP_STR} ]]; then
         # We have the (some of) the above caps available to us - apply them to pihole-FTL

build.yml

@@ -9,9 +9,9 @@ x-common-args: &common-args
 
 services:
   amd64:
-    image: pihole:${PIHOLE_DOCKER_TAG}-amd64-${DEBIAN_VERSION:-buster}
+    image: pihole:${PIHOLE_DOCKER_TAG}-amd64-${DEBIAN_VERSION:-bullseye}
     build:
       context: .
       args:
         <<: *common-args
-        PIHOLE_BASE: ghcr.io/pi-hole/docker-pi-hole-base:${DEBIAN_VERSION:-buster}-slim
+        PIHOLE_BASE: ghcr.io/pi-hole/docker-pi-hole-base:${DEBIAN_VERSION:-bullseye}-slim

gh-actions-test.sh

@@ -4,8 +4,8 @@ set -ex
 # Script ran by Github actions for tests
 #
 # @environment ${ARCH}              The architecture to build. Example: amd64.
-# @environment ${DEBIAN_VERSION}    Debian version to build. ('buster' or 'stretch').
-# @environment ${ARCH_IMAGE}        What the Docker Hub Image should be tagged as. Example: pihole/pihole:master-amd64-buster
+# @environment ${DEBIAN_VERSION}    Debian version to build. ('bullseye' or 'buster').
+# @environment ${ARCH_IMAGE}        What the Docker Hub Image should be tagged as. Example: pihole/pihole:master-amd64-bullseye
 
 # setup qemu/variables
 docker run --rm --privileged multiarch/qemu-user-static:register --reset > /dev/null

gh-actions-vars.sh

@@ -2,14 +2,14 @@
 set -a
 
 # @environment ${ARCH}                    The architecture to build. Defaults to 'amd64'.
-# @environment ${DEBIAN_VERSION}          Debian version to build. Defaults to 'buster'.
+# @environment ${DEBIAN_VERSION}          Debian version to build. Defaults to 'bullseye'.
 # @environment ${DOCKER_HUB_REPO}         The docker hub repo to tag images for. Defaults to 'pihole'.
 # @environment ${DOCKER_HUB_IMAGE_NAME}   The name of the resulting image. Defaults to 'pihole'.
 
 GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD | sed "s/\//-/g")
 GIT_TAG=$(git describe --tags --exact-match 2> /dev/null || true)
 
-DEFAULT_DEBIAN_VERSION="buster"
+DEFAULT_DEBIAN_VERSION="bullseye"
 
 if [[ -z "${ARCH}" ]]; then
     ARCH="amd64"

install.sh

@@ -76,11 +76,6 @@ sed -i $'s/)\s*uninstallFunc/) unsupportedFunc/g' /usr/local/bin/pihole
 # pihole -r / pihole reconfigure
 sed -i $'s/)\s*reconfigurePiholeFunc/) unsupportedFunc/g' /usr/local/bin/pihole
 
-if [[ "${PIHOLE_DOCKER_TAG}" != "dev" && "${PIHOLE_DOCKER_TAG}" != "nightly" ]]; then
-  # If we are on a version other than dev or nightly, disable `pihole checkout`, otherwise it is useful to have for quick troubleshooting sometimes
-  sed -i $'s/)\s*piholeCheckoutFunc/) unsupportedFunc/g' /usr/local/bin/pihole
-fi
-
 if [ ! -f /.piholeFirstBoot ]; then
   touch /.piholeFirstBoot
 fi

test/conftest.py

@@ -7,7 +7,7 @@
 local_host = testinfra.get_host('local://')
 check_output = local_host.check_output
 
-DEBIAN_VERSION = os.environ.get('DEBIAN_VERSION', 'buster')
+DEBIAN_VERSION = os.environ.get('DEBIAN_VERSION', 'bullseye')
 
 @pytest.fixture()
 def run_and_stream_command_output():
@@ -23,7 +23,7 @@ def run_and_stream_command_output_inner(command, verbose=False):
                     print(line, end='')
         build_result.wait()
         if build_result.returncode != 0:
-            print("     ::: Error running".format(command))
+            print(f'     ::: Error running: {command}')
             print(build_result.stderr)
     return run_and_stream_command_output_inner
 

test/test_bash_functions.py

@@ -168,14 +168,14 @@ def test_DNS_interface_override_defaults(Docker, Slow, args_env, expected_stdout
 def test_debian_setup_php_env(Docker, expected_lines, repeat_function):
     ''' confirm all expected output is there and nothing else '''
     stdout = ''
-    for i in range(repeat_function):
+    for _ in range(repeat_function):
         stdout = Docker.run('. /bash_functions.sh ; eval `grep setup_php_env /start.sh`').stdout
     for expected_line in expected_lines:
         search_config_cmd = "grep -c '{}' /etc/lighttpd/conf-enabled/15-fastcgi-php.conf".format(expected_line)
         search_config_count = Docker.run(search_config_cmd)
         found_lines = int(search_config_count.stdout.rstrip('\n'))
         if found_lines > 1:
-            assert False, "Found line {} times (more than once): {}".format(expected_line)
+            assert False, f'Found line {expected_line} times (more than once): {found_lines}'
 
 
 def test_webPassword_random_generation(Docker):

test/test_volume_data.sh

@@ -33,7 +33,7 @@ trap "cleanup" INT TERM EXIT
 # VOLUME TESTS
 
 # Given...
-DEBIAN_VERSION="$(DEBIAN_VERSION:-buster)"
+DEBIAN_VERSION="$(DEBIAN_VERSION:-bullseye)"
 IMAGE="${1:-pihole:v5.0-amd64}-${DEBIAN_VERSION}"   # Default is latest build test image (generic, non release/branch tag)
 VOLUMES="$(mktemp -d)"                              # A fresh volume directory
 VOL_PH="$VOLUMES/pihole"