From 3bc45d930c5f531b765b8bcbfbeaebee292273c6 Mon Sep 17 00:00:00 2001
From: Quentin McGaw
Date: Wed, 10 Oct 2018 10:24:15 +0200
Subject: [PATCH] Hostnames block is done in memory only

---
 Dockerfile | 64 +++++++++++++++++++++++----------------------------
 entrypoint.sh | 2 +-
 2 files changed, 30 insertions(+), 36 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 9c940493..a5ecbae0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,9 @@
 FROM alpine:3.8 AS rootanchors
-RUN apk add -q --progress wget perl-xml-xpath && \
- wget -q https://www.internic.net/domain/named.root -O named.root && \
+RUN apk add -q --progress wget perl-xml-xpath
+RUN wget -q https://www.internic.net/domain/named.root -O named.root && \
 echo "602f28581292bf5e50c8137c955173e6 named.root" > hashes.md5 && \
- md5sum -c hashes.md5 && \
- wget -q https://data.iana.org/root-anchors/root-anchors.xml -O root-anchors.xml && \
+ md5sum -c hashes.md5
+RUN wget -q https://data.iana.org/root-anchors/root-anchors.xml -O root-anchors.xml && \
 echo "1b2a628d1ff22d4dc7645cfc89f21b6a575526439c6706ecf853e6fff7099dc8 root-anchors.xml" > hashes.sha256 && \
 sha256sum -c hashes.sha256 && \
 KEYTAGS=$(xpath -q -e '/TrustAnchor/KeyDigest/KeyTag/node()' root-anchors.xml) && \
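Review bot: The second RUN still verifies named.root with `md5sum -c` while root-anchors.xml in the third RUN is checked with `sha256sum -c`; MD5 is no longer collision-resistant, so the hint file deserves the same treatment, e.g. `echo "<sha256-of-named.root placeholder>  named.root" > hashes.sha256 && sha256sum -c hashes.sha256`. The first RUN installs `wget perl-xml-xpath` with neither `--no-cache` nor pinned package versions (`pkg=x.y.z-r0`), so the stage is not reproducible across rebuilds; since this is a build-only stage the leftover apk index is a minor cost. The RUN chain continues past the end of the hunk at the `KEYTAGS=` line.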
@@ -22,37 +22,31 @@ RUN apk add -q --progress wget perl-xml-xpath && \
 done;

 FROM alpine:3.8 AS blocks
-RUN apk add -q --progress wget && \
- wget -q https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts -O temp && \
- sed -i '/\(^[ \|\t]*#\)\|\(^[ ]\+\)\|\(^$\)\|\(^[\n\|\r\|\r\n][ \|\t]*$\)\|\(^127.0.0.1\)\|\(^255.255.255.255\)\|\(^::1\)\|\(^fe80\)\|\(^ff00\)\|\(^ff02\)\|\(^0.0.0.0 0.0.0.0\)/d' temp && \
- sed -i 's/\([ \|\t]*#.*$\)\|\(\r\)\|\(0.0.0.0 \)//g' temp && \
- cat temp >> allHostnames && \
- wget -q https://raw.githubusercontent.com/CHEF-KOCH/NSABlocklist/master/HOSTS -O temp && \
- sed -i '/\(^[ \|\t]*#\)\|\(^[ ]\+\)\|\(^$\)\|\(^[\n\|\r\|\r\n][ \|\t]*$\)\|\(^127.0.0.1\)/d' temp && \
- sed -i 's/\([ \|\t]*#.*$\)\|\(\r\)\|\(0.0.0.0 \)//g' temp && \
- cat temp >> allHostnames && \
- wget -q https://raw.githubusercontent.com/k0nsl/unbound-blocklist/master/blocks.conf -O temp && \
- sed -i '/\(^[ \|\t]*#\)\|\(^[ ]\+\)\|\(^$\)\|\(^[\n\|\r\|\r\n][ \|\t]*$\)\|\(^local-data\)/d' temp && \
- sed -i 's/\([ \|\t]*#.*$\)\|\(\r\)\|\(local-zone: \"\)\|\(\" redirect\)//g' temp && \
- cat temp >> allHostnames && \
- wget -q https://raw.githubusercontent.com/notracking/hosts-blocklists/master/domains.txt -O temp && \
- sed -i '/\(^[ \|\t]*#\)\|\(^[ ]\+\)\|\(^$\)\|\(^[\n\|\r\|\r\n][ \|\t]*$\)\|\(::$\)/d' temp && \
- sed -i 's/\([ \|\t]*#.*$\)\|\(\r\)\|\(address=\/\)\|\(\/0.0.0.0$\)//g' temp && \
- cat temp >> allHostnames && \
- wget -q https://raw.githubusercontent.com/notracking/hosts-blocklists/master/hostnames.txt -O temp && \
- sed -i '/\(^[ \|\t]*#\)\|\(^[ ]\+\)\|\(^$\)\|\(^[\n\|\r\|\r\n][ \|\t]*$\)\|\(^::\)/d' temp && \
- sed -i 's/\([ \|\t]*#.*$\)\|\(\r\)\|\(^0.0.0.0 \)//g' temp && \
- cat temp >> allHostnames && \
- sort -o allHostnames allHostnames && \
- cat allHostnames | uniq -i -u > uniqueHostnames && \
- cat allHostnames | uniq -i -d > duplicateHostnames && \
- duplicates=$(($(wc -l < allHostnames)-$(wc -l < uniqueHostnames)-$(wc -l < duplicateHostnames))) && \
- echo "Removed $duplicates duplicates in a total of $(wc -l < allHostnames) hostnames" && \
- mv uniqueHostnames allHostnames && \
- cat duplicateHostnames >> allHostnames && \
- sort -o allHostnames allHostnames && \
- sed -i '/\(psma01.com.\)\|\(psma02.com.\)\|\(psma03.com.\)\|\(MEZIAMUSSUCEMAQUEUE.SU\)/d' allHostnames && \
- while read line; do printf "local-zone: \"$line\" static\n" >> blocks-malicious.conf; done < allHostnames && \
+RUN apk add -q --progress wget ca-certificates sed
+RUN hostnames=$(wget -qO- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | \
+ sed '/\(^[ \|\t]*#\)\|\(^[ ]\+\)\|\(^$\)\|\(^[\n\|\r\|\r\n][ \|\t]*$\)\|\(^127.0.0.1\)\|\(^255.255.255.255\)\|\(^::1\)\|\(^fe80\)\|\(^ff00\)\|\(^ff02\)\|\(^0.0.0.0 0.0.0.0\)/d' | \
+ sed 's/\([ \|\t]*#.*$\)\|\(\r\)\|\(0.0.0.0 \)//g')$'\n'$( \
+ wget -qO- https://raw.githubusercontent.com/CHEF-KOCH/NSABlocklist/master/HOSTS | \
+ sed '/\(^[ \|\t]*#\)\|\(^[ ]\+\)\|\(^$\)\|\(^[\n\|\r\|\r\n][ \|\t]*$\)\|\(^127.0.0.1\)/d' | \
+ sed 's/\([ \|\t]*#.*$\)\|\(\r\)\|\(0.0.0.0 \)//g')$'\n'$( \
+ wget -qO- https://raw.githubusercontent.com/k0nsl/unbound-blocklist/master/blocks.conf | \
+ sed '/\(^[ \|\t]*#\)\|\(^[ ]\+\)\|\(^$\)\|\(^[\n\|\r\|\r\n][ \|\t]*$\)\|\(^local-data\)/d' | \
+ sed 's/\([ \|\t]*#.*$\)\|\(\r\)\|\(local-zone: \"\)\|\(\" redirect\)//g')$'\n'$( \
+ wget -qO- https://raw.githubusercontent.com/notracking/hosts-blocklists/master/domains.txt | \
+ sed '/\(^[ \|\t]*#\)\|\(^[ ]\+\)\|\(^$\)\|\(^[\n\|\r\|\r\n][ \|\t]*$\)\|\(::$\)/d' | \
+ sed 's/\([ \|\t]*#.*$\)\|\(\r\)\|\(address=\/\)\|\(\/0.0.0.0$\)//g')$'\n'$( \
+ wget -qO- https://raw.githubusercontent.com/notracking/hosts-blocklists/master/hostnames.txt | \
+ sed '/\(^[ \|\t]*#\)\|\(^[ ]\+\)\|\(^$\)\|\(^[\n\|\r\|\r\n][ \|\t]*$\)\|\(^::\)/d' | \
+ sed 's/\([ \|\t]*#.*$\)\|\(\r\)\|\(^0.0.0.0 \)//g') && \
+ COUNT_BEFORE=$(echo "$hostnames" | sed '/^\s*$/d' | wc -l) && \
+ hostnames=$(echo "$hostnames" | sort | uniq | sed '/\(psma01.com.\)\|\(psma02.com.\)\|\(psma03.com.\)\|\(MEZIAMUSSUCEMAQUEUE.SU\)/d') && \
+ COUNT_AFTER=$(echo "$hostnames" | sed '/^\s*$/d' | wc -l) && \
+ echo "Removed $((COUNT_BEFORE-$COUNT_AFTER)) duplicates from $COUNT_BEFORE hostnames" && \
+ COUNT_BEFORE=$(echo "$hostnames" | sed '/^\s*$/d' | wc -l) && \
+ hostnames=$(echo "$hostnames" | sed '/\(maxmind.com\)/Id') && \
+ COUNT_AFTER=$(echo "$hostnames" | sed '/^\s*$/d' | wc -l) && \
+ echo "Removed $((COUNT_BEFORE-$COUNT_AFTER)) entries manually (see Dockerfile)" && \
+ for hostname in $hostnames; do echo "local-zone: \""$hostname"\" static" >> blocks-malicious.conf; done && \
 tar -cjf blocks-malicious.conf.bz2 blocks-malicious.conf

 FROM alpine:3.8
diff --git a/entrypoint.sh b/entrypoint.sh
index c2a23a5e..2d9484ad 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -158,7 +158,7 @@ printf "\n * Region: $REGION"
 printf "\n * Encryption: $ENCRYPTION"
 printf "\n * Protocol: $PROTOCOL"
 printf "\n * Port: $PORT"
-printf "\n * Initial IP address: $(echo $VPNIPS | cut -d' ' -f1)"
+printf "\n * Initial IP address: $(echo "$VPNIPS" | head -n 1)"
 printf "\n\n"
 cd "/openvpn-$PROTOCOL-$ENCRYPTION"
 openvpn --config "$REGION.ovpn" --user nonrootuser --persist-tun --auth-retry nointeract --auth-user-pass /auth.conf --auth-nocache
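Review bot: Every `wget -qO- … |` in the new RUN runs inside a `$( … )` pipeline whose status is that of its last `sed`, and only the final substitution's status reaches the `&&` chain, so a failed or truncated download of any of the five lists now silently yields a smaller blocklist where the removed `wget -O temp && \` form failed the build. The lists are also pulled from unpinned `master` branches with no checksum, in contrast to the hash-verified fetches in the rootanchors stage, and `for hostname in $hostnames` glob-expands each word and pastes it unvalidated into a `local-zone:` directive, so a stray `"` or `*` in an upstream list lands in the unbound config. Fetching each list to a file in its own `&&`-chained step, filtering the merged list to hostname characters, and running `set -f` before the loop addresses all three; pinning each URL to a commit and checking a sha256 as the rootanchors stage does would make the stage reproducible. The RUN chain ends at the unchanged `tar` line inside the hunk.
```dockerfile
RUN apk add -q --progress wget ca-certificates sed
# Fetch each list in its own &&-chained step: a failed download now fails the
# build instead of silently yielding an empty $(...) substitution below.
RUN wget -q https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts -O stevenblack.txt && \
    wget -q https://raw.githubusercontent.com/CHEF-KOCH/NSABlocklist/master/HOSTS -O nsablocklist.txt && \
    wget -q https://raw.githubusercontent.com/k0nsl/unbound-blocklist/master/blocks.conf -O k0nsl.txt && \
    wget -q https://raw.githubusercontent.com/notracking/hosts-blocklists/master/domains.txt -O notracking-domains.txt && \
    wget -q https://raw.githubusercontent.com/notracking/hosts-blocklists/master/hostnames.txt -O notracking-hostnames.txt
# … unchanged: the five sed filter pipelines (each reading its local file instead of `wget -qO- URL |`) and the duplicate/manual-removal counting …
    hostnames=$(echo "$hostnames" | grep -E '^[A-Za-z0-9._-]+$') && \
    set -f && \
    for hostname in $hostnames; do echo "local-zone: \"$hostname\" static"; done > blocks-malicious.conf && \
    tar -cjf blocks-malicious.conf.bz2 blocks-malicious.conf
```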
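Review bot: The new line assumes `$VPNIPS` is newline-separated (`head -n 1`), whereas the removed `cut -d' ' -f1` assumed space-separated; where VPNIPS is built lies outside this hunk, and if it is still space-joined the "Initial IP address" line will print the whole list. The expansion also sits inside printf's format string, so `printf "\n * Initial IP address: %s" "$(echo "$VPNIPS" | head -n 1)"` keeps any `%` in the data from being interpreted as a directive.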