diff --git a/net/adblock/Makefile b/net/adblock/Makefile index ba537ae18..b72b8cb88 100644 --- a/net/adblock/Makefile +++ b/net/adblock/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=adblock PKG_VERSION:=4.4.0 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/adblock/files/README.md b/net/adblock/files/README.md index b2c65bccf..071665dd5 100644 --- a/net/adblock/files/README.md +++ b/net/adblock/files/README.md 
@@ -14,14 +14,14 @@ A lot of people already use adblocker plugins within their desktop browsers, but | :------------------ | :-----: | :--- | :--------------- | :-------------------------------------------------------------------------------- | | 1Hosts | | VAR | compilation | [Link](https://github.com/badmojr/1Hosts) | | adaway | | S | mobile | [Link](https://github.com/AdAway/adaway.github.io) | -| adguard | x | L | general | [Link](https://adguard.com) | -| adguard_tracking | | L | tracking | [Link](https://github.com/AdguardTeam/cname-trackers) | +| adguard | x | L | general | [Link](https://adguard.com) | +| adguard_tracking | x | L | tracking | [Link](https://github.com/AdguardTeam/cname-trackers) | | android_tracking | | S | tracking | [Link](https://github.com/Perflyst/PiHoleBlocklist) | | andryou | | L | compilation | [Link](https://gitlab.com/andryou/block/-/blob/master/readme.md) | | anti_ad | | L | compilation | [Link](https://github.com/privacy-protection-tools/anti-AD/blob/master/README.md) | | anudeep | | M | compilation | [Link](https://github.com/anudeepND/blacklist) | | bitcoin | | S | mining | [Link](https://github.com/hoshsadiq/adblock-nocoin-list) | -| certpl | | L | phishing | [Link](https://cert.pl/en/warning-list/) | +| certpl | x | L | phishing | [Link](https://cert.pl/en/warning-list/) | | cpbl | | XL | compilation | [Link](https://github.com/bongochong/CombinedPrivacyBlockLists) | | disconnect | | S | general | [Link](https://disconnect.me) | | doh_blocklist | | S | doh_server | [Link](https://github.com/dibdot/DoH-IP-blocklists) | 
@@ -95,7 +95,7 @@ A lot of people already use adblocker plugins within their desktop browsers, but * Additional local blocklist for manual overrides, located in '/etc/adblock/adblock.blocklist' * Quality checks during blocklist update to ensure a reliable DNS backend service * Minimal status & error logging to syslog, enable debug logging to receive more output -* Procd based init system support ('start', 'stop', 'restart', 'reload', 'enable', 'disable', 'running', 'status', 'suspend', 'resume', 'query', 'report') +* Procd based init system support ('start', 'stop', 'restart', 'reload', 'enable', 'disable', 'running', 'status', 'suspend', 'resume', 'query', 'report') * Auto-Startup via procd network interface trigger or via classic time based startup * Suspend & Resume adblock temporarily without blocklist re-processing * Provides comprehensive runtime information 
@@ -110,26 +110,27 @@ A lot of people already use adblocker plugins within their desktop browsers, but ## Prerequisites -* [OpenWrt](https://openwrt.org), tested with the stable release series and with the latest snapshot releases. - Please note: Devices with less than 128 MByte RAM are _not_ supported! - Please note: For performance reasons, adblock depends on gnu awk (gawk) by default. - If you insist to use the slow busybox awk implementation, remove the gawk package afterwards (_opkg remove gawk --force-depends_) or install adblock without any dependency checks/installation (_opkg install adblock --nodeps_). Both installation variants are officially unsupported. -* A usual setup with an enabled DNS backend at minimum - dumb AP modes without a working DNS backend are _not_ supported +* **[OpenWrt](https://openwrt.org)**, latest stable release 24.x or a development snapshot +* A usual setup with a working DNS backend * A download utility with SSL support: 'wget', 'uclient-fetch' with one of the 'libustream-*' ssl libraries or 'curl' is required * A certificate store such as 'ca-bundle' or 'ca-certificates', as adblock checks the validity of the SSL certificates of all download sites by default -* Optional E-Mail notification support: for E-Mail notifications you need to install the additional 'msmtp' package -* Optional DNS Query Report support: for DNS reporting you need to install the additional package 'tcpdump-mini' or 'tcpdump' +* For E-Mail notifications you need to install and setup the additional 'msmtp' package +* For DNS reporting you need to install the additional package 'tcpdump-mini' or 'tcpdump' + +**Please note:** +* Devices with less than 128MB of RAM are **_not_** supported +* For performance reasons, adblock depends on gnu sort and gawk ## Installation & Usage -* Update your local opkg repository (_opkg update_) -* Install 'adblock' (_opkg install adblock_). 
The adblock service is enabled by default -* Install the LuCI companion package 'luci-app-adblock' (_opkg install luci-app-adblock_) +* Update your local opkg/apk repository +* Install the LuCI companion package 'luci-app-adblock' which also installs the main 'adblock' package as a dependency * It's strongly recommended to use the LuCI frontend to easily configure all aspects of adblock, the application is located in LuCI under the 'Services' menu +* It's also recommended to configure at least a 'Startup Trigger Interface' to depend on WAN ifup events during boot or restart of your router ## Adblock CLI interface -* All important adblock functions are accessible via CLI as well. +* The most important adblock functions are accessible via CLI as well. ``` ~# /etc/init.d/adblock 
@@ -162,14 +163,14 @@ Available commands: | adb_enabled | 1, enabled | set to 0 to disable the adblock service | | adb_feedfile | /etc/adblock/adblock.feeds | full path to the used adblock feed file | | adb_dns | -, auto-detected | 'dnsmasq', 'unbound', 'named', 'kresd', 'smartdns' or 'raw' | -| adb_fetchutil | -, auto-detected | 'uclient-fetch', 'wget' or 'curl' | +| adb_fetchcmd | -, auto-detected | 'uclient-fetch', 'wget' or 'curl' | | adb_fetchparm | -, auto-detected | manually override the config options for the selected download utility | | adb_fetchinsecure | 0, disabled | don't check SSL server certificates during download | | adb_trigger | -, not set | trigger network interface or 'not set' to use a time-based startup | | adb_triggerdelay | 2 | additional trigger delay in seconds before adblock processing begins | | adb_debug | 0, disabled | set to 1 to enable the debug output | | adb_nice | 0, standard prio. | valid nice level range 0-19 of the adblock processes | -| adb_forcedns | 0, disabled | set to 1 to force DNS requests to the local resolver | +| adb_dnsforce | 0, disabled | set to 1 to force DNS requests to the local resolver | | adb_dnsdir | -, auto-detected | path for the generated blocklist file 'adb_list.overall' | | adb_dnstimeout | 10 | timeout in seconds to wait for a successful DNS backend restart | | adb_dnsinstance | 0, first instance | set to the relevant dns backend instance used by adblock (dnsmasq only) | @@ -198,6 +199,7 @@ Available commands: ## Examples + **Change the DNS backend to 'unbound':** No further configuration is needed, adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/unbound' by default. To preserve the DNS cache after adblock processing please install the additional package 'unbound-control'. 
@@ -221,8 +223,7 @@ and at the end of the file add: ``` **Change the DNS backend to 'kresd':** -Adblock deposits the final blocklist 'adb_list.overall' in '/etc/kresd', no further configuration needed. -Please note: The knot-resolver (kresd) is only available on Turris devices and does not support the SafeSearch functionality yet. +Adblock deposits the final blocklist 'adb_list.overall' in '/tmp/kresd', no further configuration needed. **Change the DNS backend to 'smartdns':** No further configuration is needed, adblock deposits the final blocklist 'adb_list.overall' in '/tmp/smartdns' by default. @@ -259,6 +260,14 @@ password xxx Finally enable E-Mail support and add a valid E-Mail receiver address in LuCI. +**Send status E-Mails and update the adblock lists via cron job** +For a regular, automatic status mailing and update of the used lists on a daily basis set up a cron job, e.g. + +``` +55 03 * * * /etc/init.d/adblock report mail +00 04 * * * /etc/init.d/adblock reload +``` + **Service status output:** In LuCI you'll see the realtime status in the 'Runtime' section on the overview page. To get the status in the CLI, just call _/etc/init.d/adblock status_ or _/etc/init.d/adblock status\_service_: diff --git a/net/adblock/files/adblock.conf b/net/adblock/files/adblock.conf index e85da6559..8df38c22a 100644 --- a/net/adblock/files/adblock.conf +++ b/net/adblock/files/adblock.conf @@ -2,8 +2,11 @@ config adblock 'global' option adb_enabled '1' option adb_debug '0' - option adb_forcedns '0' + option adb_dnsforce '0' + option adb_dnsshift '0' option adb_safesearch '0' option adb_mail '0' option adb_report '0' list adb_feed 'adguard' + list adb_feed 'adguard_tracking' + list adb_feed 'certpl' diff --git a/net/adblock/files/adblock.mail b/net/adblock/files/adblock.mail index a5132aacc..fba9862f0 100755 --- a/net/adblock/files/adblock.mail +++ b/net/adblock/files/adblock.mail 
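Review bot: Renaming `adb_forcedns` to `adb_dnsforce` in the adblock.conf hunk leaves the old key in place on upgraded routers (assuming the file is kept as a conffile), and nothing in this diff shows the old name still being read or migrated. If it is not, a device that had `adb_forcedns '1'` would stop redirecting client DNS to the local resolver after the upgrade without any message, so clients could bypass the blocklist through an external resolver. The README table makes the same kind of rename for `adb_fetchutil` to `adb_fetchcmd`. I would add a one-time migration (a uci-defaults script or a fallback read of the old key), or confirm that adblock.sh already handles the old names outside the lines shown here.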
@@ -8,10 +8,6 @@ # set (s)hellcheck exceptions # shellcheck disable=all -LC_ALL=C -PATH="/usr/sbin:/usr/bin:/sbin:/bin" - -[ -r "/lib/functions.sh" ] && . "/lib/functions.sh" [ -r "/usr/bin/adblock.sh" ] && . "/usr/bin/adblock.sh" "mail" adb_debug="$(uci_get adblock global adb_debug "0")" @@ -27,7 +23,7 @@ adb_mailhead="From: ${adb_mailsender}\nTo: ${adb_mailreceiver}\nSubject: ${adb_m # info preparation # -sys_info="$("${adb_stringscmd}" /etc/banner 2>/dev/null; "${adb_ubuscmd}" call system board | "${adb_awkcmd}" 'BEGIN{FS="[{}\"]"}{if($2=="kernel"||$2=="hostname"||$2=="system"||$2=="model"||$2=="description")printf " + %-12s: %s\n",$2,$4}' 2>/dev/null)" +sys_info="$("${adb_catcmd}" /etc/banner 2>/dev/null; "${adb_ubuscmd}" call system board | "${adb_awkcmd}" 'BEGIN{FS="[{}\"]"}{if($2=="kernel"||$2=="hostname"||$2=="system"||$2=="model"||$2=="description")printf " + %-12s: %s\n",$2,$4}' 2>/dev/null)" adb_info="$(/etc/init.d/adblock status 2>/dev/null)" rep_info="${1}" if [ -x "${adb_logreadcmd}" ]; then diff --git a/net/adblock/files/adblock.sh b/net/adblock/files/adblock.sh index bcf611062..084a1c483 100755 --- a/net/adblock/files/adblock.sh +++ b/net/adblock/files/adblock.sh @@ -202,7 +202,7 @@ f_char() { # load dns backend config # f_dns() { - local util utils dns_section dns_info mem_free + local util utils dns_section dns_info mem_free dir mem_free="$("${adb_awkcmd}" '/^MemAvailable/{printf "%s",int($2/1000)}' "/proc/meminfo" 2>/dev/null)" if [ "${adb_action}" = "start" ] && [ -z "${adb_trigger}" ]; then 
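Review bot: With the `PATH=` pin and the `/lib/functions.sh` include removed in the first adblock.mail hunk, everything the script needs now comes from `/usr/bin/adblock.sh`, yet that include is still guarded by `[ -r ... ] &&` and is skipped silently when the file is unreadable. In that case the very next line calls an undefined `uci_get`, and the script keeps running under whatever PATH and locale the caller handed in. I would make the include mandatory, e.g. `[ -r "/usr/bin/adblock.sh" ] || exit 1` ahead of the `.` line. It is also worth confirming that adblock.sh sets `LC_ALL` and `PATH` itself when sourced with "mail", which this diff does not show.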
@@ -292,11 +292,11 @@ f_dns() { adb_dnscachecmd="-" adb_dnsinstance="${adb_dnsinstance:-"0"}" adb_dnsuser="${adb_dnsuser:-"root"}" - adb_dnsdir="${adb_dnsdir:-"/etc/kresd"}" + adb_dnsdir="${adb_dnsdir:-"/tmp/kresd"}" adb_dnsheader="${adb_dnsheader:-"\$TTL 2h\n@ IN SOA localhost. root.localhost. (1 6h 1h 1w 2h)\n"}" adb_dnsdeny="${adb_dnsdeny:-"${adb_awkcmd} '{print \"\"\$0\" CNAME .\\n*.\"\$0\" CNAME .\"}'"}" adb_dnsallow="${adb_dnsallow:-"${adb_awkcmd} '{print \"\"\$0\" CNAME rpz-passthru.\\n*.\"\$0\" CNAME rpz-passthru.\"}'"}" - adb_dnssafesearch="${adb_dnssafesearch:-"${adb_awkcmd} -v item=\"\$item\" '{type=\"AAAA\";if(match(item,/^([0-9]{1,3}\.){3}[0-9]{1,3}$/)){type=\"A\"}}{print \"\"\$0\" \"type\" \"item\"\"}'"}" + adb_dnssafesearch="${adb_dnssafesearch:-"${adb_awkcmd} -v item=\"\$item\" '{print \"\"\$0\" CNAME \"item\".\\n*.\"\$0\" CNAME \"item\".\"}'"}" adb_dnsstop="${adb_dnsstop:-"* CNAME ."}" ;; "smartdns") @@ -329,9 +329,9 @@ f_dns() { adb_finaldir="${adb_backupdir}" fi if [ "${adb_action}" != "stop" ]; then - [ ! -d "${adb_backupdir}" ] && mkdir -p "${adb_backupdir}" - [ ! -d "${adb_finaldir}" ] && mkdir -p "${adb_finaldir:-"/tmp"}" - [ "${adb_jail}" = "1" ] && [ ! -d "${adb_jaildir}" ] && mkdir -p "${adb_jaildir:-"/tmp"}" + for dir in "${adb_dnsdir:-"/tmp"}" "${adb_backupdir:-"/tmp"}" "${adb_jaildir:-"/tmp"}"; do + [ ! -d "${dir}" ] && mkdir -p "${dir}" + done if [ "${adb_dnsflush}" = "1" ] || [ "${mem_free}" -lt "64" ]; then printf "%b" "${adb_dnsheader}" >"${adb_finaldir}/${adb_dnsfile}" f_dnsup 
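Review bot: The new kresd default `adb_dnsdir` of `/tmp/kresd` puts the RPZ file that the resolver loads under a world-writable parent, and the directory loop in the following hunk (@@ -329) accepts whatever already exists at that path. `[ ! -d "${dir}" ] && mkdir -p "${dir}"` is satisfied by a directory or a symlink to one that another local account created first, and a failed mkdir goes unnoticed. On a router where some services run unprivileged, that affects where the root-written blocklist lands and what the resolver reads. I would reject a symlinked path and check the result, e.g. `if [ -L "${dir}" ] || ! mkdir -p "${dir}"; then` followed by the script's usual error path, which is not visible here. The loop also creates `adb_jaildir` even when `adb_jail` is not "1", which the removed line avoided; f_dns starts and ends outside both hunks.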
@@ -490,21 +490,22 @@ f_extconf() { "kresd") config="resolver" if [ "${adb_enabled}" = "1" ] && - ! uci_get ${config} kresd rpz_file | "${adb_grepcmd}" -q "${adb_finaldir}/${adb_dnsfile}"; then - uci -q add_list ${config}.kresd.rpz_file="${adb_finaldir}/${adb_dnsfile}" + ! uci_get ${config} kresd rpz_file | "${adb_grepcmd}" -q "${adb_dnsdir}/${adb_dnsfile}"; then + + uci -q add_list ${config}.kresd.rpz_file="${adb_dnsdir}/${adb_dnsfile}" elif [ "${adb_enabled}" = "0" ] && - uci_get ${config} kresd rpz_file | "${adb_grepcmd}" -q "${adb_finaldir}/${adb_dnsfile}"; then - uci -q del_list ${config}.kresd.rpz_file="${adb_finaldir}/${adb_dnsfile}" + uci_get ${config} kresd rpz_file | "${adb_grepcmd}" -q "${adb_dnsdir}/${adb_dnsfile}"; then + uci -q del_list ${config}.kresd.rpz_file="${adb_dnsdir}/${adb_dnsfile}" fi ;; "smartdns") config="smartdns" if [ "${adb_enabled}" = "1" ] && - ! uci_get ${config} @${config}[${adb_dnsinstance}] conf_files | "${adb_grepcmd}" -q "${adb_finaldir}/${adb_dnsfile}"; then - uci -q add_list ${config}.@${config}[${adb_dnsinstance}].conf_files="${adb_finaldir}/${adb_dnsfile}" + ! uci_get ${config} @${config}[${adb_dnsinstance}] conf_files | "${adb_grepcmd}" -q "${adb_dnsdir}/${adb_dnsfile}"; then + uci -q add_list ${config}.@${config}[${adb_dnsinstance}].conf_files="${adb_dnsdir}/${adb_dnsfile}" elif [ "${adb_enabled}" = "0" ] && - uci_get ${config} @${config}[${adb_dnsinstance}] conf_files | "${adb_grepcmd}" -q "${adb_finaldir}/${adb_dnsfile}"; then - uci -q del_list ${config}.@${config}[${adb_dnsinstance}].conf_files="${adb_finaldir}/${adb_dnsfile}" + uci_get ${config} @${config}[${adb_dnsinstance}] conf_files | "${adb_grepcmd}" -q "${adb_dnsdir}/${adb_dnsfile}"; then + uci -q del_list ${config}.@${config}[${adb_dnsinstance}].conf_files="${adb_dnsdir}/${adb_dnsfile}" fi ;; esac 
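Review bot: Switching the kresd and smartdns entries in f_extconf from `${adb_finaldir}` to `${adb_dnsdir}` leaves any `rpz_file` or `conf_files` entry that an earlier release wrote under a different path untouched, because both the add and the delete branch now look only for the new path. The resolver config may then keep referencing a blocklist file that is no longer updated; whether the two directories ever differed on an install is not shown in the hunk, so this needs checking. I would add a cleanup step that removes list entries ending in `/${adb_dnsfile}` that differ from the new path before the `add_list`. Separately, the membership test hands the path to grep as a regular expression, so a literal match is safer: `"${adb_grepcmd}" -qF "${adb_dnsdir}/${adb_dnsfile}"`. The empty line added after the first `then` looks accidental.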
@@ -517,7 +518,7 @@ f_extconf() { for port in ${adb_portlist}; do if ! printf "%s" "${fwcfg}" | "${adb_grepcmd}" -q "adblock_${zone}${port}"; then config="firewall" - if "${adb_lookupcmd}" "localhost" "127.0.0.1:${port}" >/dev/null 2>&1; then + if "${adb_lookupcmd}" "localhost." "127.0.0.1:${port}" >/dev/null 2>&1; then uci -q batch <<-EOC set firewall."adblock_${zone}${port}"="redirect" set firewall."adblock_${zone}${port}".name="Adblock DNS (${zone}, ${port})" @@ -601,7 +602,7 @@ f_dnsup() { break fi cnt="$((cnt + 1))" - sleep 1 + sleep 2 done if [ "${out_rc}" = "0" ] && [ "${adb_dns}" = "unbound" ]; then if [ -x "${adb_dnscachecmd}" ] && [ -d "${adb_tmpdir}" ] && [ -s "${adb_tmpdir}/adb_cache.dump" ]; then 
@@ -628,17 +629,17 @@ f_etag() { if [ -z "${etag_id}" ]; then etag_id="$(printf "%s" "${http_head}" | "${adb_awkcmd}" 'tolower($0)~/^[[:space:]]*last-modified: /{gsub(/[Ll]ast-[Mm]odified:|[[:space:]]|,|:/,"");printf "%s\n",$1}')" fi - etag_cnt="$("${adb_grepcmd}" -c "^${feed}" "${adb_backupdir}/adblock.etag")" + etag_cnt="$("${adb_grepcmd}" -c "^${feed} " "${adb_backupdir}/adblock.etag")" if [ "${http_code}" = "200" ] && [ "${etag_cnt}" = "${feed_cnt}" ] && [ -n "${etag_id}" ] && - "${adb_grepcmd}" -q "^${feed}${feed_suffix}[[:space:]]\+${etag_id}\$" "${adb_backupdir}/adblock.etag"; then + "${adb_grepcmd}" -q "^${feed} ${feed_suffix}[[:space:]]\+${etag_id}\$" "${adb_backupdir}/adblock.etag"; then out_rc="0" elif [ -n "${etag_id}" ]; then if [ "${feed_cnt}" -lt "${etag_cnt}" ]; then - "${adb_sedcmd}" -i "/^${feed}/d" "${adb_backupdir}/adblock.etag" + "${adb_sedcmd}" -i "/^${feed} /d" "${adb_backupdir}/adblock.etag" else - "${adb_sedcmd}" -i "/^${feed}${feed_suffix//\//\\/}/d" "${adb_backupdir}/adblock.etag" + "${adb_sedcmd}" -i "/^${feed} ${feed_suffix//\//\\/}/d" "${adb_backupdir}/adblock.etag" fi - printf "%-80s%s\n" "${feed}${feed_suffix}" "${etag_id}" >>"${adb_backupdir}/adblock.etag" + printf "%-80s%s\n" "${feed} ${feed_suffix}" "${etag_id}" >>"${adb_backupdir}/adblock.etag" out_rc="2" fi @@ -719,7 +720,7 @@ f_list() { ;; "safesearch") file_name="${adb_tmpdir}/tmp.safesearch.${src_name}" - if [ "${adb_dns}" = "named" ] || [ "${adb_dns}" = "smartdns" ]; then + if [ "${adb_dns}" = "named" ] || [ "${adb_dns}" = "kresd" ] || [ "${adb_dns}" = "smartdns" ]; then use_cname="1" fi case "${src_name}" in 
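Review bot: The reworked f_etag lookups still build grep and sed patterns from raw values, and `${etag_id}` in `"^${feed} ${feed_suffix}[[:space:]]\+${etag_id}\$"` is taken from the server's ETag or Last-Modified header. A header value containing regex metacharacters can match a stored line it is not equal to, which yields `out_rc="0"` and skips the download of a changed list; dots in `${feed_suffix}` loosen the match in the same way, and the sed delete escapes only `/`. I would compare key and id as literal strings, for instance by selecting the line with `"${adb_grepcmd}" -F` and then testing `[ "${stored_id}" = "${etag_id}" ]`, with `stored_id` as a new local. Also, `printf "%-80s%s\n"` writes no separator once `${feed} ${feed_suffix}` reaches 80 characters, so such an entry can never satisfy the `[[:space:]]\+` in the lookup. The function starts and ends outside the hunk.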
@@ -735,7 +736,7 @@ f_list() { "${adb_gzipcmd}" -cf "${adb_tmpdir}/tmp.load.safesearch.${src_name}" >"${adb_backupdir}/safesearch.${src_name}.gz" fi fi - safe_domains="$("${adb_awkcmd}" "${rset}" "${adb_tmpdir}/tmp.load.safesearch.${src_name}")" + [ -s "${adb_tmpdir}/tmp.load.safesearch.${src_name}" ] && safe_domains="$("${adb_awkcmd}" "${rset}" "${adb_tmpdir}/tmp.load.safesearch.${src_name}")" ;; "bing") safe_cname="strict.bing.com" @@ -779,8 +780,8 @@ f_list() { break fi done - out_rc="${?}" : >"${adb_tmpdir}/tmp.raw.safesearch.${src_name}" + out_rc="0" fi ;; "prepare") @@ -847,7 +848,7 @@ f_list() { if [ "${adb_safesearch}" = "1" ] && [ "${adb_dnssafesearch}" != "0" ]; then ffiles="${ffiles} -a ! -name safesearch.google.gz" fi - find "${adb_backupdir}" ${ffiles} -print0 2>/dev/null | xargs -0 rm 2>/dev/null + "${adb_findcmd}" "${adb_backupdir}" ${ffiles} -print0 2>/dev/null | xargs -0 rm 2>/dev/null "${adb_sortcmd}" ${adb_srtopts} -mu "${adb_tmpfile}".* 2>/dev/null >"${file_name}" out_rc="${?}" rm -f "${adb_tmpfile}".* @@ -1480,13 +1481,13 @@ adb_grepcmd="$(f_cmd grep)" adb_gzipcmd="$(f_cmd gzip)" adb_pgrepcmd="$(f_cmd pgrep)" adb_sedcmd="$(f_cmd sed)" +adb_findcmd="$(f_cmd find)" adb_jsoncmd="$(f_cmd jsonfilter)" adb_ubuscmd="$(f_cmd ubus)" adb_loggercmd="$(f_cmd logger)" adb_lookupcmd="$(f_cmd nslookup)" adb_dumpcmd="$(f_cmd tcpdump optional)" adb_mailcmd="$(f_cmd msmtp optional)" -adb_stringscmd="$(f_cmd strings optional)" adb_logreadcmd="$(f_cmd logread optional)" # handle different adblock actions
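Review bot: In the safesearch branch of f_list (@@ -779) `out_rc` is now set to `"0"` unconditionally, so the branch reports success even when no records were generated. Combined with the new `[ -s ... ] &&` guard in the hunk above (@@ -735), an empty or failed google domain download leaves `safe_domains` unset, the loop has nothing to emit, and the return code is still zero. If the caller reads that as SafeSearch being in place, the filter is silently missing for that engine; the call site is outside the hunk, so this should be confirmed. I would tie the code to the output instead, e.g. `[ -s "${file_name}" ] && out_rc="0"`, assuming the loop writes to `${file_name}` as set earlier in this case branch.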