[Updates Problems] Pi Hole + Dnscrypt

Kylvan · May 31, 2020, 9:00pm

Expected Behaviour:

It should doing updates.

Actual Behaviour:

Dnscrypt and Pi Hole doesn't do automatics updates anymore.

I was having problem with pi hole (see this issue) : [FATAL] listen udp bind: address already in use - #3 by jfb

So as recommanded i've open an issue at Dnscrypt github and i solved the problem, but instead of following this tutorial (that i couldn't get to work) i've changed make those changes (see the link below) :
https://github.com/DNSCrypt/dnscrypt-proxy/issues/1198#issuecomment-589353199

This is the script for automatic update for dnscrypt :

And this my actual script that is executed from a sudo crontabe -e :

INSTALL_DIR="/opt/dnscrypt-proxy"
LATEST_URL="https://api.github.com/repos/jedisct1/dnscrypt-proxy/releases/latest"

Update() {
    workdir="$(mktemp -d)"
    curl -sL $(curl -sL "$LATEST_URL" |
        grep dnscrypt-proxy-linux_arm- | grep browser_download_url | head -1 | cut -d " -f 4) |
        tar xz -C "$workdir" -f - linux-arm/dnscrypt-proxy &&
        [ -x linux-arm/dnscrypt-proxy ] &&
        mv -f "${INSTALL_DIR}/dnscrypt-proxy" "${INSTALL_DIR}/dnscrypt-proxy.old"  : &&
        mv -f "${workdir}/linux-x86_64/dnscrypt-proxy" "${INSTALL_DIR}/" &&
        cd "$INSTALL_DIR" && rm -fr "$workdir" &&
        ./dnscrypt-proxy -check && ./dnscrypt-proxy -service install 2>/dev/null  : &&
        ./dnscrypt-proxy -service restart || ./dnscrypt-proxy -service start
}

lversion=$("${INSTALL_DIR}/dnscrypt-proxy" -version)
rmersion=$(curl -sL "$LATEST_URL" | grep "tag_name" | head -1 | cut -d " -f 4)
[ -z "$lversion" ] && exit 1
[ -z "$rmersion" ] && exit 1

echo locally installed
echo "$lversion"

echo remote git version
echo "$rmersion"

if [ "$rmersion" != "$lversion" ]; then
    echo "Updating" && Update
else
    echo "No Update Needed"
fi

And also this is my crontab for pi hole

~ $ sudo cat /etc/cron.d/pihole
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Updates ad sources every week
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.
#
#
#
# This file is under source-control of the Pi-hole installation and update
# scripts, any changes made to this file will be overwritten when the softare
# is updated or re-installed. Please make any changes to the appropriate crontab
# or other cron file snippets.

# Pi-hole: Update the ad sources once a week on Sunday at a random time in the
#          early morning. Download any updates from the adlists
#          Squash output to log, then splat the log to stdout on error to allow for
#          standard crontab job error handling.
49 3   * * 7   root    PATH="$PATH:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log

# Pi-hole: Flush the log daily at 00:00
#          The flush script will use logrotate if available
#          parameter "once": logrotate only once (default is twice)
#          parameter "quiet": don't print messages
00 00   * * *   root    PATH="$PATH:/usr/local/bin/" pihole flush once quiet

@reboot root /usr/sbin/logrotate /etc/pihole/logrotate

# Pi-hole: Grab local version and branch every 10 minutes
*/10 *  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker local

# Pi-hole: Grab remote version every 24 hours
39 18  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote

Please let me know if i've to make changes to make the updates working again (actually i'm not quite sure that dnscrypt script has worked one day).

Big thanks to you.

Debug Token:

https://tricorder.pi-hole.net/7ul0qek8uu

DanSchaper · May 31, 2020, 9:44pm

DO NOT AUTOMATICALLY UPDATE Pi-hole.

jfb · May 31, 2020, 9:48pm

Pi-hole has never done automatic updates. It does some housekeeping at midnight and updates gravity weekly as shown in your cron for the Pi-hole.

This is done by design - automatic updates to your Pi-hole install are not something you want.

Kylvan · June 1, 2020, 1:41am

@DanSchaper A thing I DON'T WANT FOR SURE is having a twinkling image in red, orange and white to advertise me that there is a NEW UPDATE on dashboard if i don't want/need to update automatically, this is USELESS

It's like walking on head.. If updates aren't needed for the system were the service run, then don't put notifications. If there is major updates that are needed > let to the user the choice to push them automatically, if there is minor updates but maybe needed > put discrete notifications.

Thank you kindly for your answer. I will check for Dnscrypt on their github, i don't want to waste your precious time, you sure need it to make pimped rgb alerts on dashboard.

@jfb Thank you for those informations.

Best regards.

jfb · June 1, 2020, 3:42am

The purpose of this is to notify you that a new version is available. You can go and read the release notes and decide if the update is something you wish to install. If not, then leave it on the current version.

You can also resize your browser window so you don't see that notification.

Kylvan · June 1, 2020, 11:23am

I know what the purpose is. I'm just telling that we are in 2020 and automation can be used to make it simplest to use. If for each service i (or people) should read the patch note before updating anything (especially when you have to look at security correctives) it could take many hours (and/or peoples) that i personally haven't. Categorizing correctives as " Majors " - " Minors " - " Specifics " isn't too much to ask.

Pi Hole, use multiples services to run and sometimes update part of those in the patchs notes. So if there is an update that is needed you can't just say " read each patch notes and then decide to update or not ". It's the job of Pi Hole to categorize and notify in consequences the different types of update. Like that, it's stodgy for the user or the administrator that have already to much work to take care off.

I don't think people use only pi hole in their network. For the rest i've already given an answer.

DanSchaper · June 1, 2020, 3:45pm

Pi-hole is a DNS server. It's a vital network utility. If it goes down then you have no real internet. The update from version 4 to version 5 is non-reversible. The release notes say "Backup before you update".

If you can't be bothered to read the release notes before modifying a vital network utility like DNS then you shouldn't be running one.

Kylvan · June 1, 2020, 5:16pm

DNS and Router are vitals, yes. I can be bothered and i'm used to. Pi Hole is also a group of different services and applications running together. If you aren't able to make a good use of notifications and make digest explicit patch notes, don't be mad at me for that.

If the version 5 is no reversible then it's a major update that should be studied by the user, so if you was able to handle and manage automatics update you just can make a pop-up that's say so. But i just repeat my self here.

You don't want people to update automatically and you want them to read every patch notes by following twinkling rgb flashing image in the bottom of the screen, okay. I just say it's really not great, at all.

Have a nice day.