From: Dirk Brenken Date: Sat, 3 May 2025 12:37:13 +0000 (+0200) Subject: adblock: update 4.4.1-2 X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=52b51e30f4c7f7c444a00563feecbc9f24139b28;p=feed%2Fpackages.git adblock: update 4.4.1-2 * init improvements * jail mode fixes and improvements * small code cleanups * update the readme Signed-off-by: Dirk Brenken --- diff --git a/net/adblock/Makefile b/net/adblock/Makefile index f72d77b46f..46ec6dde36 100644 --- a/net/adblock/Makefile +++ b/net/adblock/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=adblock PKG_VERSION:=4.4.1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken diff --git a/net/adblock/files/README.md b/net/adblock/files/README.md index 7dbb80c499..41c0c7ab1f 100644 --- a/net/adblock/files/README.md +++ b/net/adblock/files/README.md 
@@ -88,7 +88,7 @@ A lot of people already use adblocker plugins within their desktop browsers, but
 * Supports a wide range of router modes, even AP modes are supported
 * Full IPv4 and IPv6 support
 * Provides top level domain compression ('tld compression'), this feature removes thousands of needless host entries from the blocklist and lowers the memory footprint for the DNS backend
-* Provides a 'DNS Shift', where the generated final DNS blocklist is moved to the backup directory and only a soft link to this file is set in memory. As long as your backup directory is located on an external drive, you should activate this option to save disk space.
+* Provides a 'DNS Blocklist Shift', where the generated final DNS blocklist is moved to the backup directory and only a soft link to this file is set in memory. As long as your backup directory is located on an external drive, you should activate this option to save valuable RAM.
 * Source parsing by fast & flexible regex rulesets, all rules and feed information are placed in an external JSON file ('/etc/adblock/adblock.feeds')
 * Overall duplicate removal in generated blocklist file 'adb_list.overall'
 * Additional local allowlist for manual overrides, located in '/etc/adblock/adblock.allowlist' (only exact matches).
@@ -169,12 +169,13 @@ Available commands:
 | adb_fetchparm | -, auto-detected | manually override the config options for the selected download utility |
 | adb_fetchinsecure | 0, disabled | don't check SSL server certificates during download |
 | adb_trigger | -, not set | trigger network interface or 'not set' to use a time-based startup |
-| adb_triggerdelay | 2 | additional trigger delay in seconds before adblock processing begins |
+| adb_triggerdelay | 5 | additional trigger delay in seconds before adblock processing begins |
 | adb_debug | 0, disabled | set to 1 to enable the debug output |
 | adb_nice | 0, standard prio. | valid nice level range 0-19 of the adblock processes |
+| adb_dnsshift | 0, disabled | shift the blocklist to the backup directory and only set a soft link to this file in memory |
 | adb_dnsforce | 0, disabled | set to 1 to force DNS requests to the local resolver |
 | adb_dnsdir | -, auto-detected | path for the generated blocklist file 'adb_list.overall' |
-| adb_dnstimeout | 10 | timeout in seconds to wait for a successful DNS backend restart |
+| adb_dnstimeout | 20 | timeout in seconds to wait for a successful DNS backend restart |
 | adb_dnsinstance | 0, first instance | set to the relevant dns backend instance used by adblock (dnsmasq only) |
 | adb_dnsflush | 0, disabled | set to 1 to flush the DNS Cache before & after adblock processing |
 | adb_lookupdomain | localhost | domain to check for a successful DNS backend restart |
@@ -196,7 +197,7 @@ Available commands: | adb_mailsender | no-reply@adblock | sender address for adblock notification E-Mails | | adb_mailtopic | adblock notification | topic for adblock notification E-Mails | | adb_mailprofile | adb_notify | mail profile used in 'msmtp' for adblock notification E-Mails | -| adb_jail | 0 | set to 1 to enable the additional, restrictive 'adb_list.jail' creation | +| adb_jail | 0 | create the additional restrictive 'adb_list.jail' | | adb_jaildir | /tmp | path for the generated jail list | @@ -230,8 +231,8 @@ Adblock deposits the final blocklist 'adb_list.overall' in '/tmp/kresd', no furt **Change the DNS backend to 'smartdns':** No further configuration is needed, adblock deposits the final blocklist 'adb_list.overall' in '/tmp/smartdns' by default. -**Use restrictive jail modes:** -You can enable a restrictive 'adb_list.jail' to block access to all domains except those listed in the allowlist file. Usually this list will be generated as an additional list for guest or kidsafe configurations (for a separate dns server instance). If the jail directory points to your primary dns directory, adblock enables the restrictive jail mode automatically (jail mode only). +**Use the jail mode, a restrictive DNS blocklist:** +You can enable a restrictive 'adb_list.jail' to block access to all domains except those listed in the allowlist file. Usually this list will be generated as an additional list for guest or kidsafe configurations (for a separate dns server instance). If the jail directory points to your primary dns directory, the jail blocklist replaces your default blocklist. **Manually override the download options:** By default adblock uses the following pre-configured download options: 
@@ -281,19 +282,19 @@ In LuCI you'll see the realtime status in the 'Runtime' section on the overview To get the status in the CLI, just call _/etc/init.d/adblock status_ or _/etc/init.d/adblock status\_service_: ``` -~#@blackhole:~# /etc/init.d/adblock status +~# /etc/init.d/adblock status ::: adblock runtime information + adblock_status : enabled - + adblock_version : 4.4.0-r1 - + blocked_domains : 1 154 208 + + adblock_version : 4.4.1-r2 + + blocked_domains : 881 753 + active_feeds : 1hosts, certpl, cpbl, doh_blocklist, hagezi, winspy - + dns_backend : dnsmasq (-), /mnt/data/adblock/backup, 92.87 MB + + dns_backend : dnsmasq (2.92_alpha5-r1), /mnt/data/adblock/backup, 73.12 MB + run_utils : download: /usr/bin/curl, sort: /usr/libexec/sort-coreutils, awk: /usr/bin/gawk - + run_ifaces : trigger: trm_wwan, report: br-lan - + run_directories : base: /mnt/data/adblock, backup: /mnt/data/adblock/backup, report: /mnt/data/adblock/report, jail: - + + run_ifaces : trigger: trm_wwan , report: br-lan + + run_directories : base: /mnt/data/adblock, backup: /mnt/data/adblock/backup, report: /mnt/data/adblock/report, jail: /tmp + run_flags : shift: ✔, force: ✔, flush: ✘, tld: ✔, search: ✘, report: ✔, mail: ✘, jail: ✘ - + last_run : mode: reload, 2025-04-10T20:34:17+02:00, duration: 0m 55s, 682.52 MB available - + system_info : OpenWrt One, mediatek/filogic, OpenWrt 24.10-SNAPSHOT r28584-a51b1a98e0 + + last_run : mode: restart, 2025-05-03T11:43:03+02:00, duration: 0m 44s, 707.25 MB available + + system_info : OpenWrt One, mediatek/filogic, OpenWrt 24.10-SNAPSHOT r28628-cc1b909a6b ``` **Change/add adblock feeds** diff --git a/net/adblock/files/adblock.init b/net/adblock/files/adblock.init index 10f1749c1c..19172e6eac 100755 --- a/net/adblock/files/adblock.init +++ b/net/adblock/files/adblock.init @@ -30,7 +30,7 @@ fi boot() { : >"${adb_pidfile}" - rc_procd start_service + rc_procd start_service boot } start_service() { 
@@ -39,7 +39,7 @@ start_service() { [ -n "$(uci_get adblock global adb_trigger)" ] && return 0 fi procd_open_instance "adblock" - procd_set_param command "${adb_script}" "${@}" + procd_set_param command "${adb_script}" "${@:-"${action}"}" procd_set_param pidfile "${adb_pidfile}" procd_set_param nice "$(uci_get adblock global adb_nice "0")" procd_set_param stdout 0 @@ -49,6 +49,7 @@ start_service() { } restart() { + stop_service "restart" rc_procd start_service restart } @@ -57,7 +58,7 @@ reload_service() { } stop_service() { - rc_procd "${adb_script}" stop + [ -z "${1}" ] && rc_procd "${adb_script}" stop } suspend() { @@ -104,9 +105,11 @@ status_service() { service_triggers() { local iface delay - iface="$(uci_get adblock global adb_trigger)" delay="$(uci_get adblock global adb_triggerdelay "5")" + trigger="$(uci_get adblock global adb_trigger)" PROCD_RELOAD_DELAY="$((delay * 1000))" - [ -n "${iface}" ] && procd_add_interface_trigger "interface.*.up" "${iface}" "${adb_init}" start + for iface in ${trigger}; do + procd_add_interface_trigger "interface.*.up" "${iface}" "${adb_init}" start + done } diff --git a/net/adblock/files/adblock.sh b/net/adblock/files/adblock.sh index 084a1c4839..766270bc41 100755 --- a/net/adblock/files/adblock.sh +++ b/net/adblock/files/adblock.sh @@ -31,7 +31,7 @@ adb_tmpbase="/tmp" adb_finaldir="" adb_backupdir="/tmp/adblock-backup" adb_reportdir="/tmp/adblock-report" -adb_jaildir="" +adb_jaildir="/tmp" adb_pidfile="/var/run/adblock.pid" adb_allowlist="/etc/adblock/adblock.allowlist" adb_blocklist="/etc/adblock/adblock.blocklist" @@ -50,7 +50,7 @@ adb_repchunkcnt="5" adb_repchunksize="1" adb_represolve="0" adb_lookupdomain="localhost" -adb_action="${1:-"start"}" +adb_action="${1}" adb_packages="" adb_cnt="" 
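Review bot: The `stop_service "restart"` call added to restart() has no effect as written, because the new guard in the stop_service hunk (-57) only runs the stop when `${1}` is empty. The guard also makes stop_service end on a failed test, so the function returns 1 whenever an argument is passed. If skipping the stop on restart is the intent (inferred, not visible here), a comment in restart() should say so, and the guard is clearer as `[ -n "${1}" ] && return 0` followed by an unconditional `rc_procd "${adb_script}" stop`.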
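Review bot: `trigger` is assigned in service_triggers but the `local iface delay` line was not extended, so the variable leaks into the init script's global scope; `local iface delay trigger` fixes that. The unquoted `${trigger}` in the new `for` loop is needed to split a space-separated list, but it is also subject to pathname expansion, so an entry containing `*` or `?` would be expanded against the current directory. Wrapping the loop in `set -f` / `set +f`, or a comment stating that interface names never contain glob characters, would make that explicit.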
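Review bot: Defaulting `adb_jaildir` to `/tmp` puts the jail list under a fixed name in a shared directory, where the f_main hunk writes it by plain redirection (`>"${adb_jaildir}/${adb_dnsjail}"`). The neighbouring defaults use dedicated directories (`/tmp/adblock-backup`, `/tmp/adblock-report`). If any non-root account can create files in `/tmp` on the target, the redirect would follow a symlink that already exists at that name. A dedicated default such as `adb_jaildir="/tmp/adblock-jail"` (name constructed here) avoids this, and f_dns already creates the directory when it is missing. The README table entry for `adb_jaildir` would need the same change.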
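Review bot: `adb_action="${1}"` drops the `start` fallback, so running adblock.sh without an argument leaves the action empty, and none of the dispatch arms visible in the last hunk (`"boot" | "start" | "reload"`) matches an empty string. The init script covers its own calls with `"${@:-"${action}"}"`, but `action` is not set in the visible init hunks (presumably it comes from rc.common), so an empty value can still reach the script. Keeping the default, `adb_action="${1:-"start"}"`, or rejecting an empty action up front with a usage message, stops a direct call from silently doing nothing. Whether the `case` has a `*)` arm is not visible here.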
@@ -202,35 +202,35 @@ f_char() { # load dns backend config # f_dns() { - local util utils dns_section dns_info mem_free dir + local dns dns_list dns_section dns_info free_mem dir - mem_free="$("${adb_awkcmd}" '/^MemAvailable/{printf "%s",int($2/1000)}' "/proc/meminfo" 2>/dev/null)" - if [ "${adb_action}" = "start" ] && [ -z "${adb_trigger}" ]; then - sleep ${adb_triggerdelay} + free_mem="$("${adb_awkcmd}" '/^MemAvailable/{printf "%s",int($2/1000)}' "/proc/meminfo" 2>/dev/null)" + if [ "${adb_action}" = "boot" ] && [ -z "${adb_trigger}" ]; then + sleep ${adb_triggerdelay:-"5"} fi if [ -z "${adb_dns}" ]; then - utils="knot-resolver bind-server unbound-daemon smartdns dnsmasq-full dnsmasq-dhcpv6 dnsmasq" - for util in ${utils}; do - if printf "%s" "${adb_packages}" | "${adb_jsoncmd}" -ql1 -e "@.packages[\"${util}\"]" >/dev/null 2>&1; then - case "${util}" in + dns_list="knot-resolver bind-server unbound-daemon smartdns dnsmasq-full dnsmasq-dhcpv6 dnsmasq" + for dns in ${dns_list}; do + if printf "%s" "${adb_packages}" | "${adb_jsoncmd}" -ql1 -e "@.packages[\"${dns}\"]" >/dev/null 2>&1; then + case "${dns}" in "knot-resolver") - util="kresd" + dns="kresd" ;; "bind-server") - util="named" + dns="named" ;; "unbound-daemon") - util="unbound" + dns="unbound" ;; "dnsmasq-full" | "dnsmasq-dhcpv6") - util="dnsmasq" + dns="dnsmasq" ;; esac - if [ -x "$(command -v "${util}")" ]; then - adb_dns="${util}" - uci_set adblock global adb_dns "${util}" + if [ -x "$(command -v "${dns}")" ]; then + adb_dns="${dns}" + uci_set adblock global adb_dns "${dns}" f_uci "adblock" break fi 
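Review bot: `free_mem` is filled from awk with stderr discarded, and the later f_dns hunk (-332) passes it straight into `[ "${free_mem}" -lt "64" ]`, so an empty result makes the test error out instead of taking a defined branch. A guard such as `[ "${free_mem:-0}" -lt "64" ]` makes the behaviour explicit; note that 0 would force the low-memory path, so a separate branch for the unknown case may be preferable. The new `sleep ${adb_triggerdelay:-"5"}` should also be quoted, `sleep "${adb_triggerdelay:-5}"`, since the README lists it as a user-set option. f_dns continues beyond this hunk.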
@@ -332,7 +332,7 @@ f_dns() { for dir in "${adb_dnsdir:-"/tmp"}" "${adb_backupdir:-"/tmp"}" "${adb_jaildir:-"/tmp"}"; do [ ! -d "${dir}" ] && mkdir -p "${dir}" done - if [ "${adb_dnsflush}" = "1" ] || [ "${mem_free}" -lt "64" ]; then + if [ "${adb_dnsflush}" = "1" ] || [ "${free_mem}" -lt "64" ]; then printf "%b" "${adb_dnsheader}" >"${adb_finaldir}/${adb_dnsfile}" f_dnsup elif [ ! -f "${adb_finaldir}/${adb_dnsfile}" ]; then @@ -346,26 +346,26 @@ f_dns() { # load fetch utility # f_fetch() { - local util utils insecure update="0" + local fetch fetch_list insecure update="0" adb_fetchcmd="$(command -v "${adb_fetchcmd}")" if [ ! -x "${adb_fetchcmd}" ]; then - utils="curl wget-ssl libustream-openssl libustream-wolfssl libustream-mbedtls" - for util in ${utils}; do - if printf "%s" "${adb_packages}" | "${adb_jsoncmd}" -ql1 -e "@.packages[\"${util}\"]" >/dev/null 2>&1; then - case "${util}" in + fetch_list="curl wget-ssl libustream-openssl libustream-wolfssl libustream-mbedtls" + for fetch in ${fetch_list}; do + if printf "%s" "${adb_packages}" | "${adb_jsoncmd}" -ql1 -e "@.packages[\"${fetch}\"]" >/dev/null 2>&1; then + case "${fetch}" in "wget-ssl") - util="wget" + fetch="wget" ;; "libustream-openssl" | "libustream-wolfssl" | "libustream-mbedtls") - util="uclient-fetch" + fetch="uclient-fetch" ;; esac - if [ -x "$(command -v "${util}")" ]; then + if [ -x "$(command -v "${fetch}")" ]; then update="1" - adb_fetchcmd="$(command -v "${util}")" - uci_set adblock global adb_fetchcmd "${util}" + adb_fetchcmd="$(command -v "${fetch}")" + uci_set adblock global adb_fetchcmd "${fetch}" f_uci "adblock" break fi 
@@ -709,10 +709,9 @@ f_list() { out_rc="${?}" eval "${adb_dnsallow}" "${adb_tmpdir}/tmp.raw.${src_name}" >"${adb_tmpdir}/tmp.add.${src_name}" if [ "${adb_jail}" = "1" ] && [ "${adb_dnsstop}" != "0" ]; then - rm -f "${adb_jaildir}/${adb_dnsjail}" - [ -n "${adb_dnsheader}" ] && printf "%b" "${adb_dnsheader}" >>"${adb_jaildir}/${adb_dnsjail}" - "${adb_catcmd}" "${adb_tmpdir}/tmp.add.${src_name}" >>"${adb_jaildir}/${adb_dnsjail}" - printf "%b\n" "${adb_dnsstop}" >>"${adb_jaildir}/${adb_dnsjail}" + printf "%b" "${adb_dnsheader}" >"${adb_tmpdir}/${adb_dnsjail}" + "${adb_catcmd}" "${adb_tmpdir}/tmp.add.${src_name}" >>"${adb_tmpdir}/${adb_dnsjail}" + printf "%b\n" "${adb_dnsstop}" >>"${adb_tmpdir}/${adb_dnsjail}" fi fi ;; @@ -793,7 +792,7 @@ f_list() { out_rc="${?}" if [ "${out_rc}" = "0" ] && [ -s "${src_tmpfile}" ]; then f_list backup - elif [ "${adb_action}" != "start" ]; then + elif [ "${adb_action}" != "boot" ] && [ "${adb_action}" != "start" ]; then f_log "info" "preparation of '${src_name}' failed, rc: ${src_rc}" f_list restore out_rc="${?}" @@ -801,7 +800,7 @@ f_list() { fi else f_log "info" "download of '${src_name}' failed, url: ${src_url}, rule: ${src_rset:-"-"}, categories: ${src_cat:-"-"}, rc: ${src_rc}" - if [ "${adb_action}" != "start" ]; then + if [ "${adb_action}" != "boot" ] && [ "${adb_action}" != "start" ]; then f_list restore out_rc="${?}" fi @@ -830,7 +829,8 @@ f_list() { else out_rc=4 fi - if [ "${adb_action}" != "start" ] && [ "${adb_action}" != "restart" ] && [ "${adb_action}" != "resume" ] && [ -n "${src_name}" ] && [ "${out_rc}" != "0" ]; then + if [ "${adb_action}" != "boot" ] && [ "${adb_action}" != "start" ] && [ "${adb_action}" != "restart" ] && + [ "${adb_action}" != "resume" ] && [ -n "${src_name}" ] && [ "${out_rc}" != "0" ]; then adb_feed="${adb_feed/${src_name}}" fi ;; 
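Review bot: The boot/start exclusion is now written out as chained `!=` tests in three f_list hunks (-793, -801 and -830), and the third list differs from the other two by also excluding `restart` and `resume`. A short comment at each site saying why these actions skip the restore or the feed removal would stop the lists drifting apart the next time an action is added. A `case "${adb_action}" in "boot" | "start") ;; *) f_list restore ;; esac` form would also be easier to read than the chained tests. The enclosing f_list branches begin outside these hunks.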
@@ -1026,16 +1026,31 @@ f_query() { # update runtime information # f_jsnup() { - local pids object feeds end_time runtime utils mem_dns mem_free status="${1:-"enabled"}" + local pids object feeds end_time runtime utils dns dns_ver dns_mem free_mem status="${1:-"enabled"}" if [ -n "${adb_dnspid}" ]; then pids="$("${adb_pgrepcmd}" -P "${adb_dnspid}" 2>/dev/null)" for pid in ${adb_dnspid} ${pids}; do - mem_dns="$((mem_dns + $("${adb_awkcmd}" '/^VmSize/{printf "%s", $2}' "/proc/${pid}/status" 2>/dev/null)))" + dns_mem="$((dns_mem + $("${adb_awkcmd}" '/^VmSize/{printf "%s", $2}' "/proc/${pid}/status" 2>/dev/null)))" done - mem_dns="$("${adb_awkcmd}" -v mem="${mem_dns}" 'BEGIN{printf "%.2f", mem/1024}' 2>/dev/null)" + case "${adb_dns}" in + "kresd") + dns="knot-resolver" + ;; + "named") + dns="bind-server" + ;; + "unbound") + dns="unbound-daemon" + ;; + "dnsmasq") + dns="dnsmasq\", \"dnsmasq-full\", \"dnsmasq-dhcpv6" + ;; + esac + dns_ver="$(printf "%s" "${adb_packages}" | "${adb_jsoncmd}" -ql1 -e "@.packages[\"${dns:-"${adb_dns}"}\"]")" + dns_mem="$("${adb_awkcmd}" -v mem="${dns_mem}" 'BEGIN{printf "%.2f", mem/1024}' 2>/dev/null)" fi - mem_free="$("${adb_awkcmd}" '/^MemAvailable/{printf "%.2f", $2/1024}' "/proc/meminfo" 2>/dev/null)" + free_mem="$("${adb_awkcmd}" '/^MemAvailable/{printf "%.2f", $2/1024}' "/proc/meminfo" 2>/dev/null)" adb_cnt="$("${adb_awkcmd}" -v cnt="${adb_cnt}" 'BEGIN{res="";pos=0;for(i=length(cnt);i>0;i--){res=substr(cnt,i,1)res;pos++;if(pos==3&&i>1){res=" "res;pos=0;}}; printf"%s",res}')" case "${status}" in @@ -1044,10 +1059,7 @@ f_jsnup() { end_time="$(date "+%s")" duration="$(((end_time - adb_starttime) / 60))m $(((end_time - adb_starttime) % 60))s" fi - runtime="mode: ${adb_action}, $(date -Iseconds), duration: ${duration:-"-"}, ${mem_free:-0} MB available" - ;; - "error"|"stopped") - adb_cnt="0" + runtime="mode: ${adb_action}, $(date -Iseconds), duration: ${duration:-"-"}, ${free_mem:-0} MB available" ;; "resume") status="enabled" 
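Review bot: The dnsmasq arm in f_jsnup sets `dns` to a string with embedded quotes (`dnsmasq\", \"dnsmasq-full\", \"dnsmasq-dhcpv6`), apparently so that the later `@.packages[\"${dns:-...}\"]` interpolation becomes a multi-key selector. That relies on the variable being pasted raw into the filter expression and is easy to miss. A comment above the `case`, e.g. `# map the backend binary to its package name(s); the dnsmasq value expands to a three-key jsonfilter selector`, would document it. The new jsonfilter call also lacks the stderr redirect that the package lookups in f_dns and f_fetch use. Separately, `dns_mem="$((dns_mem + $(...)))"` turns into an arithmetic syntax error if a PID disappears between the pgrep and the /proc read, so the inner value should go into a variable first and be added as `${val:-0}`.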
@@ -1056,6 +1068,9 @@ f_jsnup() { adb_cnt="0" status="paused" ;; + *) + adb_cnt="0" + ;; esac json_init @@ -1083,10 +1098,10 @@ f_jsnup() { json_add_string "${object}" "${object}" done json_close_array - json_add_string "dns_backend" "${adb_dns:-"-"} (${adb_dnscachecmd##*/}), ${adb_finaldir:-"-"}, ${mem_dns:-"0"} MB" + json_add_string "dns_backend" "${adb_dns:-"-"} (${dns_ver:-"-"}), ${adb_finaldir:-"-"}, ${dns_mem:-"0"} MB" json_add_string "run_utils" "${utils:-"-"}" json_add_string "run_ifaces" "trigger: ${adb_trigger:-"-"}, report: ${adb_repiface:-"-"}" - json_add_string "run_directories" "base: ${adb_tmpbase}, backup: ${adb_backupdir}, report: ${adb_reportdir}, jail: ${adb_jaildir:-"-"}" + json_add_string "run_directories" "base: ${adb_tmpbase}, dns: ${adb_dnsdir}, backup: ${adb_backupdir}, report: ${adb_reportdir}, jail: ${adb_jaildir:-"-"}" json_add_string "run_flags" "shift: $(f_char ${adb_dnsshift}), force: $(f_char ${adb_dnsforce}), flush: $(f_char ${adb_dnsflush}), tld: $(f_char ${adb_tld}), search: $(f_char ${adb_safesearch}), report: $(f_char ${adb_report}), mail: $(f_char ${adb_mail}), jail: $(f_char ${adb_jail})" json_add_string "last_run" "${runtime:-"-"}" json_add_string "system_info" "${adb_sysver}" 
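Review bot: The new `dns: ${adb_dnsdir}` field in `run_directories` has no fallback, unlike `jail: ${adb_jaildir:-"-"}` on the same line, so an unset DNS directory prints as an empty value; `dns: ${adb_dnsdir:-"-"}` keeps the output uniform. The status sample updated in README.md by this commit still shows `run_directories` without the `dns:` entry, so the documentation and the actual output differ.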
@@ -1130,22 +1145,32 @@ f_main() { done wait - if [ "${adb_dns}" != "raw" ] && [ "${adb_jail}" = "1" ] && [ "${adb_jaildir}" = "${adb_dnsdir}" ]; then - printf "%b" "${adb_dnsheader}" >"${adb_finaldir}/${adb_dnsfile}" - chown "${adb_dnsuser}" "${adb_jaildir}/${adb_dnsjail}" 2>/dev/null - if f_dnsup; then - if [ "${adb_action}" != "resume" ]; then - f_jsnup "enabled" + # jail mode preparation + # + if [ "${adb_jail}" = "1" ] && [ "${adb_dnsstop}" != "0" ]; then + if [ "${adb_jaildir}" = "${adb_dnsdir}" ]; then + "${adb_catcmd}" "${adb_tmpdir}/${adb_dnsjail}" >"${adb_finaldir}/${adb_dnsfile}" + chown "${adb_dnsuser}" "${adb_finaldir}/${adb_dnsfile}" 2>/dev/null + if [ "${adb_dnsshift}" = "1" ] && [ ! -L "${adb_dnsdir}/${adb_dnsfile}" ]; then + ln -fs "${adb_finaldir}/${adb_dnsfile}" "${adb_dnsdir}/${adb_dnsfile}" + elif [ "${adb_dnsshift}" = "0" ] && [ -s "${adb_backupdir}/${adb_dnsfile}" ]; then + rm -f "${adb_backupdir}/${adb_dnsfile}" fi - f_log "info" "restrictive jail mode enabled successfully (${adb_sysver})" + if f_dnsup; then + if [ "${adb_action}" != "resume" ]; then + f_jsnup "enabled" + fi + f_log "info" "restrictive jail mode enabled successfully (${adb_sysver})" + else + f_log "err" "dns backend restart in jail mode failed" + fi + f_rmtemp + return else - f_log "err" "dns backend restart in jail mode failed" + "${adb_catcmd}" "${adb_tmpdir}/${adb_dnsjail}" >"${adb_jaildir}/${adb_dnsjail}" + chown "${adb_dnsuser}" "${adb_jaildir}/${adb_dnsjail}" 2>/dev/null + f_log "info" "additional restrictive jail blocklist placed in ${adb_jaildir}" fi - f_rmtemp - return - elif [ -f "${adb_finaldir}/${adb_dnsjail}" ]; then - rm -f "${adb_finaldir}/${adb_dnsjail}" - f_dnsup fi # safe search preparation @@ -1510,7 +1535,7 @@ case "${adb_action}" in "query") f_query "${2}" ;; - "start" | "reload") + "boot" | "start" | "reload") f_env f_main ;;
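Review bot: In the new jail block of f_main the staged file `${adb_tmpdir}/${adb_dnsjail}` is copied over the live blocklist without checking that it exists and is non-empty; it is only created in the f_list hunk at -709, inside branches that are not fully visible. If that step was skipped or failed, the redirect truncates `${adb_finaldir}/${adb_dnsfile}` and f_dnsup still runs. The log then reports jail mode as enabled while the resolver has an empty list, which is the opposite of what a restrictive mode should do on failure. A guard before the copy, as sketched below, keeps the previous list in place and logs the problem; whether to return or fall through to the normal blocklist is a maintainer decision. f_main continues outside this hunk.

```sh
	if [ "${adb_jail}" = "1" ] && [ "${adb_dnsstop}" != "0" ]; then
		if [ ! -s "${adb_tmpdir}/${adb_dnsjail}" ]; then
			f_log "info" "jail list missing or empty, current blocklist left untouched"
			f_rmtemp
			return
		fi
		# … unchanged: jaildir/dnsdir handling, f_dnsup and logging …
```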