Fix the github suggestion mess

Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>

.github/workflows/codeql-analysis.yml

@@ -25,16 +25,16 @@ jobs:
     steps:
     -
       name: Checkout repository
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
     # Initializes the CodeQL tools for scanning.
     -
       name: Initialize CodeQL
-      uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 #v4.32.6
+      uses: github/codeql-action/init@f443b600d91635bebf5b0d9ebc620189c0d6fba5 #v4.30.8
       with:
         languages: 'python'
     -
       name: Autobuild
-      uses: github/codeql-action/autobuild@0d579ffd059c29b07949a3cce3983f0780820c98 #v4.32.6
+      uses: github/codeql-action/autobuild@f443b600d91635bebf5b0d9ebc620189c0d6fba5 #v4.30.8
     -
       name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 #v4.32.6
+      uses: github/codeql-action/analyze@f443b600d91635bebf5b0d9ebc620189c0d6fba5 #v4.30.8

.github/workflows/stale.yml

@@ -17,7 +17,7 @@ jobs:
       issues: write
 
     steps:
-      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f #v10.2.0
+      - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 #v10.1.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           days-before-stale: 30
@@ -40,7 +40,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
       - name: Remove 'stale' label
         run: gh issue edit ${{ github.event.issue.number }} --remove-label ${{ env.stale_label }}
         env:

.github/workflows/stale_pr.yml

@@ -17,7 +17,7 @@ jobs:
       pull-requests: write
 
     steps:
-      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f #v10.2.0
+      - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 #v10.1.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           # Do not automatically mark PR/issue as stale

.github/workflows/sync-back-to-dev.yml

@@ -33,7 +33,7 @@ jobs:
     name: Syncing branches
     steps:
       - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
       - name: Opening pull request
         run: gh pr create -B development -H master --title 'Sync master back into development' --body 'Created by Github action' --label 'internal'
         env:

.github/workflows/test.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
         with:
           fetch-depth: 0 # Differential ShellCheck requires full git history
 
@@ -31,25 +31,25 @@ jobs:
           [[ $FAIL == 1 ]] && exit 1 || echo "Scripts are executable!"
 
       - name: Differential ShellCheck
-        uses: redhat-plumbers-in-action/differential-shellcheck@d965e66ec0b3b2f821f75c8eff9b12442d9a7d1e #v5.5.6
+        uses: redhat-plumbers-in-action/differential-shellcheck@0d9e5b29625f871e6a4215380486d6f1a7cb6cdd #v5.5.5
         with:
           severity: warning
           display-engine: sarif-fmt
 
 
       - name: Spell-Checking
-        uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 #v2.2
+        uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 #v2.1
         with:
           ignore_words_file: .codespellignore
 
       - name: Get editorconfig-checker
-        uses: editorconfig-checker/action-editorconfig-checker@4b6cd6190d435e7e084fb35e36a096e98506f7b9 #v2.1.0
+        uses: editorconfig-checker/action-editorconfig-checker@1a41284d59c6fe7f1b21ddc4a2b36400a33dc1b4 # tag v2. is really out of date
 
       - name: Run editorconfig-checker
         run: editorconfig-checker
 
       - name: Check python code formatting with black
-        uses: psf/black@c6755bb741b6481d6b3d3bb563c83fa060db96c9 #26.3.1
+        uses: psf/black@af0ba72a73598c76189d6dd1b21d8532255d5942 #25.9.0
         with:
           src: "./test"
           options: "--check --diff --color"
@@ -74,19 +74,17 @@ jobs:
             fedora_40,
             fedora_41,
             fedora_42,
-            fedora_43,
             alpine_3_21,
             alpine_3_22,
-            alpine_3_23,
           ]
     env:
       DISTRO: ${{matrix.distro}}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
 
       - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #v6.2.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c #v6.0.0
         with:
           python-version: "3.13"
 

advanced/Scripts/piholeCheckout.sh

@@ -41,22 +41,6 @@ warning1() {
 }
 
 checkout() {
-
-    local skipFTL additionalFlag
-    skipFTL=false
-    # Check arguments
-    for var in "$@"; do
-        case "$var" in
-            "--skipFTL") skipFTL=true ;;
-        esac
-    done
-
-    if [ "${skipFTL}" == true ]; then
-        additionalFlag="--skipFTL"
-    else
-        additionalFlag=""
-    fi
-
     local corebranches
     local webbranches
 
@@ -251,7 +235,7 @@ checkout() {
     # Force updating everything
     if [[  ! "${1}" == "web" && ! "${1}" == "ftl" ]]; then
         echo -e "  ${INFO} Running installer to upgrade your installation"
-        if "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" --unattended ${additionalFlag}; then
+        if "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" --unattended; then
             exit 0
         else
             echo -e "  ${COL_RED} Error: Unable to complete update, please contact support${COL_NC}"

advanced/Scripts/piholeDebug.sh

@@ -169,7 +169,7 @@ initialize_debug() {
     # Display that the debug process is beginning
     log_write "${COL_PURPLE}*** [ INITIALIZING ]${COL_NC}"
     # Timestamp the start of the log
-    log_write "${INFO} $(date "+%Y-%m-%d %H:%M:%S") debug log has been initialized."
+    log_write "${INFO} $(date "+%Y-%m-%d:%H:%M:%S") debug log has been initialized."
     # Uptime of the system
     # credits to https://stackoverflow.com/questions/28353409/bash-format-uptime-to-show-days-hours-minutes
     system_uptime=$(uptime | awk -F'( |,|:)+' '{if ($7=="min") m=$6; else {if ($7~/^day/){if ($9=="min") {d=$6;m=$8} else {d=$6;h=$8;m=$9}} else {h=$6;m=$7}}} {print d+0,"days,",h+0,"hours,",m+0,"minutes"}')
@@ -375,6 +375,22 @@ check_firewalld() {
                     log_write "${CROSS} ${COL_RED}  Allow Service: ${i}${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_FIREWALLD})"
                 fi
             done
+            # check for custom FTL FirewallD zone
+            local firewalld_zones
+            firewalld_zones=$(firewall-cmd --get-zones)
+            if [[ "${firewalld_zones}" =~ "ftl" ]]; then
+                log_write "${TICK} ${COL_GREEN}FTL Custom Zone Detected${COL_NC}";
+                # check FTL custom zone interface: lo
+                local firewalld_ftl_zone_interfaces
+                firewalld_ftl_zone_interfaces=$(firewall-cmd --zone=ftl --list-interfaces)
+                if [[ "${firewalld_ftl_zone_interfaces}" =~ "lo" ]]; then
+                    log_write "${TICK} ${COL_GREEN}  Local Interface Detected${COL_NC}";
+                else
+                    log_write "${CROSS} ${COL_RED}  Local Interface Not Detected${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_FIREWALLD})"
+                fi
+            else
+                log_write "${CROSS} ${COL_RED}FTL Custom Zone Not Detected${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_FIREWALLD})"
+            fi
         fi
     else
         log_write "${TICK} ${COL_GREEN}Firewalld service not detected${COL_NC}";
@@ -577,21 +593,18 @@ check_required_ports() {
     # Add port 53
     ports_configured+=("53")
 
-    local protocol_type port_number service_name
     # Now that we have the values stored,
     for i in "${!ports_in_use[@]}"; do
         # loop through them and assign some local variables
-        read -r protocol_type port_number service_name <<< "$(
-            awk '{
-                p=$1; n=$5; s=$7
-                gsub(/users:\(\("/,"",s)
-                gsub(/".*/,"",s)
-                print p, n, s
-            }' <<< "${ports_in_use[$i]}"
-        )"
+        local service_name
+        service_name=$(echo "${ports_in_use[$i]}" | awk '{gsub(/users:\(\("/,"",$7);gsub(/".*/,"",$7);print $7}')
+        local protocol_type
+        protocol_type=$(echo "${ports_in_use[$i]}" | awk '{print $1}')
+        local port_number
+        port_number="$(echo "${ports_in_use[$i]}" | awk '{print $5}')" #  | awk '{gsub(/^.*:/,"",$5);print $5}')
 
         # Check if the right services are using the right ports
-        if [[ ${ports_configured[*]} =~ ${port_number##*:} ]]; then
+        if [[ ${ports_configured[*]} =~ $(echo "${port_number}" | rev | cut -d: -f1 | rev) ]]; then
             compare_port_to_service_assigned  "${ftl}" "${service_name}" "${protocol_type}:${port_number}"
         else
             # If it's not a default port that Pi-hole needs, just print it out for the user to see
@@ -709,7 +722,7 @@ dig_at() {
                 fi
 
               # Check if Pi-hole can use itself to block a domain
-                if local_dig="$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @"${local_address}" "${record_type}" -p "$(get_ftl_conf_value "dns.port")")"; then
+                if local_dig="$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @"${local_address}" "${record_type}")"; then
                     # If it can, show success
                     if [[ "${local_dig}" == *"status: NOERROR"* ]]; then
                         local_dig="NOERROR"
@@ -803,27 +816,42 @@ ftl_full_status(){
 
 make_array_from_file() {
     local filename="${1}"
-
-    # If the file is a directory do nothing since it cannot be parsed
-    [[ -d "${filename}" ]] && return
-
     # The second argument can put a limit on how many line should be read from the file
     # Since some of the files are so large, this is helpful to limit the output
     local limit=${2}
     # A local iterator for testing if we are at the limit above
     local i=0
+    # If the file is a directory
+    if [[ -d "${filename}" ]]; then
+        # do nothing since it cannot be parsed
+        :
+    else
+        # Otherwise, read the file line by line
+        while IFS= read -r line;do
+            # Otherwise, strip out comments and blank lines
+            new_line=$(echo "${line}" | sed -e 's/^\s*#.*$//' -e '/^$/d')
+            # If the line still has content (a non-zero value)
+            if [[ -n "${new_line}" ]]; then
 
-    # Process the file, strip out comments and blank lines
-    local processed
-    processed=$(sed -e 's/^\s*#.*$//' -e '/^$/d' "${filename}")
+                # If the string contains "### CHANGED", highlight this part in red
+                if [[ "${new_line}" == *"### CHANGED"* ]]; then
+                    new_line="${new_line//### CHANGED/${COL_RED}### CHANGED${COL_NC}}"
+                fi
 
-    while IFS= read -r line; do
-        # If the string contains "### CHANGED", highlight this part in red
-        log_write "   ${line//### CHANGED/${COL_RED}### CHANGED${COL_NC}}"
-        ((i++))
-        # if the limit of lines we want to see is exceeded do nothing
-        [[ -n ${limit} && $i -eq ${limit} ]] && break
-    done <<< "$processed"
+                # Finally, write this line to the log
+                log_write "   ${new_line}"
+            fi
+            # Increment the iterator +1
+            i=$((i+1))
+            # but if the limit of lines we want to see is exceeded
+            if [[ -z ${limit} ]]; then
+                # do nothing
+                :
+            elif [[ $i -eq ${limit} ]]; then
+                break
+            fi
+        done < "${filename}"
+    fi
 }
 
 parse_file() {
@@ -896,38 +924,38 @@ list_files_in_dir() {
     fi
 
     # Store the files found in an array
-    local files_found=("${dir_to_parse}"/*)
+    mapfile -t files_found < <(ls "${dir_to_parse}")
     # For each file in the array,
     for each_file in "${files_found[@]}"; do
-        if [[ -d "${each_file}" ]]; then
+        if [[ -d "${dir_to_parse}/${each_file}" ]]; then
             # If it's a directory, do nothing
             :
-        elif [[ "${each_file}" == "${PIHOLE_DEBUG_LOG}" ]] || \
-            [[ "${each_file}" == "${PIHOLE_RAW_BLOCKLIST_FILES}" ]] || \
-            [[ "${each_file}" == "${PIHOLE_INSTALL_LOG_FILE}" ]] || \
-            [[ "${each_file}" == "${PIHOLE_LOG}" ]] || \
-            [[ "${each_file}" == "${PIHOLE_LOG_GZIPS}" ]]; then
+        elif [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_DEBUG_LOG}" ]] || \
+            [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_RAW_BLOCKLIST_FILES}" ]] || \
+            [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_INSTALL_LOG_FILE}" ]] || \
+            [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_LOG}" ]] || \
+            [[ "${dir_to_parse}/${each_file}" == "${PIHOLE_LOG_GZIPS}" ]]; then
             :
         elif [[ "${dir_to_parse}" == "${DNSMASQ_D_DIRECTORY}" ]]; then
             # in case of the dnsmasq directory include all files in the debug output
-            log_write "\\n${COL_GREEN}$(ls -lhd "${each_file}")${COL_NC}"
-            make_array_from_file "${each_file}"
+            log_write "\\n${COL_GREEN}$(ls -lhd "${dir_to_parse}"/"${each_file}")${COL_NC}"
+            make_array_from_file "${dir_to_parse}/${each_file}"
         else
             # Then, parse the file's content into an array so each line can be analyzed if need be
             for i in "${!REQUIRED_FILES[@]}"; do
-                if [[ "${each_file}" == "${REQUIRED_FILES[$i]}" ]]; then
+                if [[ "${dir_to_parse}/${each_file}" == "${REQUIRED_FILES[$i]}" ]]; then
                     # display the filename
-                    log_write "\\n${COL_GREEN}$(ls -lhd "${each_file}")${COL_NC}"
+                    log_write "\\n${COL_GREEN}$(ls -lhd "${dir_to_parse}"/"${each_file}")${COL_NC}"
                     # Check if the file we want to view has a limit (because sometimes we just need a little bit of info from the file, not the entire thing)
-                    case "${each_file}" in
+                    case "${dir_to_parse}/${each_file}" in
                         # If it's Web server log, give the first and last 25 lines
-                        "${PIHOLE_WEBSERVER_LOG}") head_tail_log "${each_file}" 25
+                        "${PIHOLE_WEBSERVER_LOG}") head_tail_log "${dir_to_parse}/${each_file}" 25
                             ;;
                         # Same for the FTL log
-                        "${PIHOLE_FTL_LOG}") head_tail_log "${each_file}" 35
+                        "${PIHOLE_FTL_LOG}") head_tail_log "${dir_to_parse}/${each_file}" 35
                             ;;
                         # parse the file into an array in case we ever need to analyze it line-by-line
-                        *) make_array_from_file "${each_file}";
+                        *) make_array_from_file "${dir_to_parse}/${each_file}";
                     esac
                 else
                     # Otherwise, do nothing since it's not a file needed for Pi-hole so we don't care about it
@@ -963,7 +991,6 @@ head_tail_log() {
     local filename="${1}"
     # The number of lines to use for head and tail
     local qty="${2}"
-    local filebasename="${filename##*/}"
     local head_line
     local tail_line
     # Put the current Internal Field Separator into another variable so it can be restored later
@@ -972,14 +999,14 @@ head_tail_log() {
     IFS=$'\r\n'
     local log_head=()
     mapfile -t log_head < <(head -n "${qty}" "${filename}")
-    log_write "   ${COL_CYAN}-----head of ${filebasename}------${COL_NC}"
+    log_write "   ${COL_CYAN}-----head of $(basename "${filename}")------${COL_NC}"
     for head_line in "${log_head[@]}"; do
         log_write "   ${head_line}"
     done
     log_write ""
     local log_tail=()
     mapfile -t log_tail < <(tail -n "${qty}" "${filename}")
-    log_write "   ${COL_CYAN}-----tail of ${filebasename}------${COL_NC}"
+    log_write "   ${COL_CYAN}-----tail of $(basename "${filename}")------${COL_NC}"
     for tail_line in "${log_tail[@]}"; do
         log_write "   ${tail_line}"
     done
@@ -1006,24 +1033,6 @@ show_db_entries() {
     )
 
     for line in "${entries[@]}"; do
-        # Use gray color for "no". Normal color for "yes"
-        line=${line//--no---/${COL_GRAY}  no   ${COL_NC}}
-        line=${line//--yes--/  yes  }
-
-        # Use red for "deny" and green for "allow"
-        if [ "$title" = "Domainlist" ]; then
-            line=${line//regex-deny/${COL_RED}regex-deny${COL_NC}}
-            line=${line//regex-allow/${COL_GREEN}regex-allow${COL_NC}}
-            line=${line//exact-deny/${COL_RED}exact-deny${COL_NC}}
-            line=${line//exact-allow/${COL_GREEN}exact-allow${COL_NC}}
-        fi
-
-        # Use red for "block" and green for "allow"
-        if [ "$title" = "Adlists" ]; then
-            line=${line//-BLOCK-/${COL_RED} Block ${COL_NC}}
-            line=${line//-ALLOW-/${COL_GREEN} Allow ${COL_NC}}
-        fi
-
         log_write "   ${line}"
     done
 
@@ -1071,15 +1080,15 @@ check_dhcp_servers() {
 }
 
 show_groups() {
-    show_db_entries "Groups" "SELECT id,CASE enabled WHEN '0' THEN '--no---' WHEN '1' THEN '--yes--' ELSE enabled END enabled,name,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,description FROM \"group\"" "4 7 50 19 19 50"
+    show_db_entries "Groups" "SELECT id,CASE enabled WHEN '0' THEN '   0' WHEN '1' THEN '      1' ELSE enabled END enabled,name,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,description FROM \"group\"" "4 7 50 19 19 50"
 }
 
 show_adlists() {
-    show_db_entries "Adlists" "SELECT id,CASE enabled WHEN '0' THEN '--no---' WHEN '1' THEN '--yes--' ELSE enabled END enabled,GROUP_CONCAT(adlist_by_group.group_id) group_ids, CASE type WHEN '0' THEN '-BLOCK-' WHEN '1' THEN '-ALLOW-' ELSE type END type, address,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM adlist LEFT JOIN adlist_by_group ON adlist.id = adlist_by_group.adlist_id GROUP BY id;" "5 7 12 7 100 19 19 50"
+    show_db_entries "Adlists" "SELECT id,CASE enabled WHEN '0' THEN '   0' WHEN '1' THEN '      1' ELSE enabled END enabled,GROUP_CONCAT(adlist_by_group.group_id) group_ids,address,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM adlist LEFT JOIN adlist_by_group ON adlist.id = adlist_by_group.adlist_id GROUP BY id;" "5 7 12 100 19 19 50"
 }
 
 show_domainlist() {
-    show_db_entries "Domainlist" "SELECT id,CASE type WHEN '0' THEN 'exact-allow' WHEN '1' THEN 'exact-deny' WHEN '2' THEN 'regex-allow' WHEN '3' THEN 'regex-deny' ELSE type END type,CASE enabled WHEN '0' THEN '--no---' WHEN '1' THEN '--yes--' ELSE enabled END enabled,GROUP_CONCAT(domainlist_by_group.group_id) group_ids,domain,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist LEFT JOIN domainlist_by_group ON domainlist.id = domainlist_by_group.domainlist_id GROUP BY id;" "5 11 7 12 90 19 19 50"
+    show_db_entries "Domainlist (0/1 = exact allow-/denylist, 2/3 = regex allow-/denylist)" "SELECT id,CASE type WHEN '0' THEN '0   ' WHEN '1' THEN ' 1  ' WHEN '2' THEN '  2 ' WHEN '3' THEN '   3' ELSE type END type,CASE enabled WHEN '0' THEN '   0' WHEN '1' THEN '      1' ELSE enabled END enabled,GROUP_CONCAT(domainlist_by_group.group_id) group_ids,domain,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist LEFT JOIN domainlist_by_group ON domainlist.id = domainlist_by_group.domainlist_id GROUP BY id;" "5 4 7 12 100 19 19 50"
 }
 
 show_clients() {

advanced/Scripts/piholeLogFlush.sh

@@ -17,6 +17,11 @@ utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
 # shellcheck source="./advanced/Scripts/utils.sh"
 source "${utilsfile}"
 
+# In case we're running at the same time as a system logrotate, use a
+# separate logrotate state file to prevent stepping on each other's
+# toes.
+STATEFILE="/var/lib/logrotate/pihole"
+
 # Determine database location
 DBFILE=$(getFTLConfigValue "files.database")
 if [ -z "$DBFILE" ]; then
@@ -37,6 +42,25 @@ if [ -z "$WEBFILE" ]; then
     WEBFILE="/var/log/pihole/webserver.log"
 fi
 
+# Helper function to handle log rotation for a single file
+rotate_log() {
+    # This function copies x.log over to x.log.1
+    # and then empties x.log
+    # Note that moving the file is not an option, as
+    # dnsmasq would happily continue writing into the
+    # moved file (it will have the same file handler)
+    local logfile="$1"
+    if [[ "$*" != *"quiet"* ]]; then
+        echo -ne "  ${INFO} Rotating ${logfile} ..."
+    fi
+    cp -p "${logfile}" "${logfile}.1"
+    echo " " > "${logfile}"
+    chmod 640 "${logfile}"
+    if [[ "$*" != *"quiet"* ]]; then
+        echo -e "${OVER}  ${TICK} Rotated ${logfile} ..."
+    fi
+}
+
 # Helper function to handle log flushing for a single file
 flush_log() {
     local logfile="$1"
@@ -54,23 +78,41 @@ flush_log() {
     fi
 }
 
-# Manual flushing
-flush_log "${LOGFILE}"
-flush_log "${FTLFILE}"
-flush_log "${WEBFILE}"
+if [[ "$*" == *"once"* ]]; then
+    # Nightly logrotation
+    if command -v /usr/sbin/logrotate >/dev/null; then
+        # Logrotate once
 
-if [[ "$*" != *"quiet"* ]]; then
-    echo -ne "  ${INFO} Flushing database, DNS resolution temporarily unavailable ..."
-fi
-
-# Stop FTL to make sure it doesn't write to the database while we're deleting data
-service pihole-FTL stop
-
-# Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
-deleted=$(pihole-FTL sqlite3 -ni "${DBFILE}" "DELETE FROM query_storage WHERE timestamp >= strftime('%s','now')-86400; select changes() from query_storage limit 1")
-
-# Restart FTL
-service pihole-FTL restart
-if [[ "$*" != *"quiet"* ]]; then
-    echo -e "${OVER}  ${TICK} Deleted ${deleted} queries from long-term query database"
+        if [[ "$*" != *"quiet"* ]]; then
+            echo -ne "  ${INFO} Running logrotate ..."
+        fi
+        mkdir -p "${STATEFILE%/*}"
+        /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate
+    else
+        # Handle rotation for each log file
+        rotate_log "${LOGFILE}"
+        rotate_log "${FTLFILE}"
+        rotate_log "${WEBFILE}"
+    fi
+else
+    # Manual flushing
+    flush_log "${LOGFILE}"
+    flush_log "${FTLFILE}"
+    flush_log "${WEBFILE}"
+
+    if [[ "$*" != *"quiet"* ]]; then
+        echo -ne "  ${INFO} Flushing database, DNS resolution temporarily unavailable ..."
+    fi
+
+    # Stop FTL to make sure it doesn't write to the database while we're deleting data
+    service pihole-FTL stop
+
+    # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
+    deleted=$(pihole-FTL sqlite3 -ni "${DBFILE}" "DELETE FROM query_storage WHERE timestamp >= strftime('%s','now')-86400; select changes() from query_storage limit 1")
+
+    # Restart FTL
+    service pihole-FTL restart
+    if [[ "$*" != *"quiet"* ]]; then
+        echo -e "${OVER}  ${TICK} Deleted ${deleted} queries from long-term query database"
+    fi
 fi

advanced/Scripts/piholeLogRotate.sh

@@ -1,72 +0,0 @@
-#!/usr/bin/env bash
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2025 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# Rotate Pi-hole's log file
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-colfile="/opt/pihole/COL_TABLE"
-# shellcheck source="./advanced/Scripts/COL_TABLE"
-source ${colfile}
-
-readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
-utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
-# shellcheck source="./advanced/Scripts/utils.sh"
-source "${utilsfile}"
-
-# In case we're running at the same time as a system logrotate, use a
-# separate logrotate state file to prevent stepping on each other's
-# toes.
-STATEFILE="/var/lib/logrotate/pihole"
-
-
-# Determine log file location
-LOGFILE=$(getFTLConfigValue "files.log.dnsmasq")
-if [ -z "$LOGFILE" ]; then
-    LOGFILE="/var/log/pihole/pihole.log"
-fi
-FTLFILE=$(getFTLConfigValue "files.log.ftl")
-if [ -z "$FTLFILE" ]; then
-    FTLFILE="/var/log/pihole/FTL.log"
-fi
-WEBFILE=$(getFTLConfigValue "files.log.webserver")
-if [ -z "$WEBFILE" ]; then
-    WEBFILE="/var/log/pihole/webserver.log"
-fi
-
-# Helper function to handle log rotation for a single file
-rotate_log() {
-    # This function copies x.log over to x.log.1
-    # and then empties x.log
-    # Note that moving the file is not an option, as
-    # dnsmasq would happily continue writing into the
-    # moved file (it will have the same file handler)
-    local logfile="$1"
-    if [[ "$*" != *"quiet"* ]]; then
-        echo -ne "  ${INFO} Rotating ${logfile} ..."
-    fi
-    cp -p "${logfile}" "${logfile}.1"
-    echo " " > "${logfile}"
-    chmod 640 "${logfile}"
-    if [[ "$*" != *"quiet"* ]]; then
-        echo -e "${OVER}  ${TICK} Rotated ${logfile} ..."
-    fi
-}
-
-# Nightly logrotation
-if command -v /usr/sbin/logrotate >/dev/null; then
-    # Logrotate once
-    if [[ "$*" != *"quiet"* ]]; then
-        echo -ne "  ${INFO} Running logrotate ..."
-    fi
-    mkdir -p "${STATEFILE%/*}"
-    /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate
-else
-    # Handle rotation for each log file
-    rotate_log "${LOGFILE}"
-    rotate_log "${FTLFILE}"
-    rotate_log "${WEBFILE}"
-fi

advanced/Scripts/piholeNetworkFlush.sh

@@ -15,7 +15,7 @@ if [[ -f ${coltable} ]]; then
     source ${coltable}
 fi
 
-PI_HOLE_SCRIPT_DIR="/opt/pihole"
+readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
 utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
 # shellcheck source=./advanced/Scripts/utils.sh
 source "${utilsfile}"

advanced/Scripts/update.sh

@@ -102,50 +102,6 @@ GitCheckUpdateAvail() {
     fi
 }
 
-updateWarnDialog() {
-    # Display the warning dialog
-
-    local core_str web_str ftl_str
-
-    if [[ "${core_update}" == true ]]; then
-        core_str="Core: \\Zb\\Z1update available\\Zn"
-    else
-        core_str="Core: \\Zb\\Z4up to date\\Zn"
-    fi
-    if [[ "${web_update}" == true ]]; then
-        web_str="Web:  \\Zb\\Z1update available\\Zn"
-    else
-        web_str="Web:  \\Zb\\Z4up to date\\Zn"
-    fi
-    if [[ "${FTL_update}" == true ]]; then
-        ftl_str="FTL:  \\Zb\\Z1update available\\Zn"
-    else
-        ftl_str="FTL:  \\Zb\\Z4up to date\\Zn"
-    fi
-    # shellcheck disable=SC2154 # Variables "${r}" "${c}" are defined in the main script
-    dialog --no-shadow --clear --keep-tite \
-        --colors \
-        --backtitle "Updating Pi-hole" \
-        --title "Warning" \
-        --no-button "Exit" --yes-button "Continue" \
-        --defaultno \
-        --yesno "\\nThe following Pi-hole components are going to be updated.\\n\\n\\n\
-        $core_str\\n\
-        $web_str\\n\
-        $ftl_str\\n\\n\\n\
-\\Zb\\Z1IMPORTANT:\\Zn Make a (teleporter) backup of your system!\\n\\n\
-Updates can come with significant changes. Please read the changelog at https://pi-hole.net/blog carefully.\\n\\n\\n\
-Please confirm you want to start the update process." \
-        "${r}" "${c}" && result=0 || result="$?"
-
-    case "${result}" in
-    "${DIALOG_CANCEL}" | "${DIALOG_ESC}")
-        printf "  %b User canceled the update process.\\n" "${INFO}"
-        exit 1
-        ;;
-    esac
-}
-
 main() {
     local basicError="\\n  ${COL_RED}Unable to complete update, please contact Pi-hole Support${COL_NC}"
     local core_update
@@ -193,37 +149,31 @@ main() {
         echo -e "  ${INFO} Web Interface:\\t${COL_GREEN}up to date${COL_NC}"
     fi
 
-    # Allow the user to skip this check if they are using a self-compiled FTL binary from an unsupported architecture
-    if [ "${skipFTL}" != true ]; then
-        local funcOutput
-        funcOutput=$(get_binary_name) #Store output of get_binary_name here
-        local binary
-        binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL)
+    local funcOutput
+    funcOutput=$(get_binary_name) #Store output of get_binary_name here
+    local binary
+    binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL)
 
-        if FTLcheckUpdate "${binary}" &>/dev/null; then
-            FTL_update=true
-            echo -e "  ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}"
-        else
-            case $? in
-                1)
-                    echo -e "  ${INFO} FTL:\\t\\t${COL_GREEN}up to date${COL_NC}"
-                    ;;
-                2)
-                    echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Branch is not available.${COL_NC}\\n\\t\\t\\tUse ${COL_GREEN}pihole checkout ftl [branchname]${COL_NC} to switch to a valid branch."
-                    exit 1
-                    ;;
-                3)
-                    echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, cannot reach download server${COL_NC}"
-                    exit 1
-                    ;;
-                *)
-                    echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, contact support${COL_NC}"
-                    exit 1
-            esac
-            FTL_update=false
-        fi
+    if FTLcheckUpdate "${binary}" &>/dev/null; then
+        FTL_update=true
+        echo -e "  ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}"
     else
-        echo -e "  ${INFO} FTL:\\t\\t${COL_YELLOW}--skipFTL set - update check skipped${COL_NC}"
+        case $? in
+            1)
+                echo -e "  ${INFO} FTL:\\t\\t${COL_GREEN}up to date${COL_NC}"
+                ;;
+            2)
+                echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Branch is not available.${COL_NC}\\n\\t\\t\\tUse ${COL_GREEN}pihole checkout ftl [branchname]${COL_NC} to switch to a valid branch."
+                exit 1
+                ;;
+            3)
+                echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, cannot reach download server${COL_NC}"
+                exit 1
+                ;;
+            *)
+                echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, contact support${COL_NC}"
+                exit 1
+        esac
         FTL_update=false
     fi
 
@@ -252,11 +202,6 @@ main() {
         exit 0
     fi
 
-    # if there is any update, show the warning dialog and ask for confirmation
-    if [[ "${core_update}" == true || "${web_update}" == true || "${FTL_update}" == true ]]; then
-        updateWarnDialog
-    fi
-
     if [[ "${core_update}" == true ]]; then
         echo ""
         echo -e "  ${INFO} Pi-hole core files out of date, updating local repo."
@@ -277,14 +222,7 @@ main() {
     fi
 
     if [[ "${FTL_update}" == true || "${core_update}" == true ]]; then
-        local addionalFlag
-
-        if [[ ${skipFTL} == true ]]; then
-             addionalFlag="--skipFTL"
-        else
-             addionalFlag=""
-        fi
-        ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --repair --unattended ${addionalFlag} || \
+        ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --repair --unattended || \
             echo -e "${basicError}" && exit 1
     fi
 
@@ -304,15 +242,8 @@ main() {
     exit 0
 }
 
-CHECK_ONLY=false
-skipFTL=false
-
-# Check arguments
-for var in "$@"; do
-    case "$var" in
-    "--check-only") CHECK_ONLY=true ;;
-    "--skipFTL") skipFTL=true ;;
-    esac
-done
+if [[ "$1" == "--check-only" ]]; then
+    CHECK_ONLY=true
+fi
 
 main

advanced/Scripts/updatecheck.sh

@@ -50,10 +50,9 @@ rm -f "/etc/pihole/GitHubVersions"
 rm -f "/etc/pihole/localbranches"
 rm -f "/etc/pihole/localversions"
 
+# Create new versions file if it does not exist
 VERSION_FILE="/etc/pihole/versions"
-
-# Truncates the file to zero length if it exists to clear it up, otherwise creates an empty file.
-truncate -s 0 "${VERSION_FILE}"
+touch "${VERSION_FILE}"
 chmod 644 "${VERSION_FILE}"
 
 # if /pihole.docker.tag file exists, we will use it's value later in this script

advanced/Scripts/utils.sh

@@ -30,6 +30,9 @@ addOrEditKeyValPair() {
   local key="${2}"
   local value="${3}"
 
+  # touch file to prevent grep error if file does not exist yet
+  touch "${file}"
+
   if grep -q "^${key}=" "${file}"; then
     # Key already exists in file, modify the value
     sed -i "/^${key}=/c\\${key}=${value}" "${file}"

advanced/Templates/pihole-FTL-prestart.sh

@@ -8,20 +8,12 @@ utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
 
 # Get file paths
 FTL_PID_FILE="$(getFTLConfigValue files.pid)"
-FTL_LOG_FILE="$(getFTLConfigValue files.log.ftl)"
-PIHOLE_LOG_FILE="$(getFTLConfigValue files.log.dnsmasq)"
-WEBSERVER_LOG_FILE="$(getFTLConfigValue files.log.webserver)"
-FTL_PID_FILE="${FTL_PID_FILE:-/run/pihole-FTL.pid}"
-FTL_LOG_FILE="${FTL_LOG_FILE:-/var/log/pihole/FTL.log}"
-PIHOLE_LOG_FILE="${PIHOLE_LOG_FILE:-/var/log/pihole/pihole.log}"
-WEBSERVER_LOG_FILE="${WEBSERVER_LOG_FILE:-/var/log/pihole/webserver.log}"
 
 # Ensure that permissions are set so that pihole-FTL can edit all necessary files
 mkdir -p /var/log/pihole
 chown -R pihole:pihole /etc/pihole/ /var/log/pihole/
 
 # allow all users read version file (and use pihole -v)
-touch /etc/pihole/versions
 chmod 0644 /etc/pihole/versions
 
 # allow pihole to access subdirs in /etc/pihole (sets execution bit on dirs)
@@ -36,7 +28,7 @@ chown root:root /etc/pihole/logrotate
 
 # Touch files to ensure they exist (create if non-existing, preserve if existing)
 [ -f "${FTL_PID_FILE}" ] || install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}"
-[ -f "${FTL_LOG_FILE}" ] || install -m 640 -o pihole -g pihole /dev/null "${FTL_LOG_FILE}"
-[ -f "${PIHOLE_LOG_FILE}" ] || install -m 640 -o pihole -g pihole /dev/null "${PIHOLE_LOG_FILE}"
-[ -f "${WEBSERVER_LOG_FILE}" ] || install -m 640 -o pihole -g pihole /dev/null "${WEBSERVER_LOG_FILE}"
+[ -f /var/log/pihole/FTL.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/FTL.log
+[ -f /var/log/pihole/pihole.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
+[ -f /var/log/pihole/webserver.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/webserver.log
 [ -f /etc/pihole/dhcp.leases ] || install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases

advanced/Templates/pihole-FTL.openrc

@@ -13,7 +13,7 @@ extra_started_commands="reload"
 
 respawn_max=5
 respawn_period=60
-capabilities="^CAP_NET_BIND_SERVICE,^CAP_NET_RAW,^CAP_NET_ADMIN,^CAP_SYS_NICE,^CAP_IPC_LOCK,^CAP_CHOWN,^CAP_SYS_TIME"
+capabilities="^CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN,CAP_SYS_TIME"
 
 depend() {
     want net

advanced/Templates/pihole-FTL.service

@@ -57,9 +57,9 @@ start() {
 stop() {
   if is_running; then
     kill "${FTL_PID}"
-    # Give FTL 120 seconds to gracefully stop
+    # Give FTL 60 seconds to gracefully stop
     i=1
-    while [ "${i}" -le 120 ]; do
+    while [ "${i}" -le 60 ]; do
       if ! is_running; then
         break
       fi

advanced/Templates/pihole-FTL.systemd

@@ -17,18 +17,18 @@ StartLimitIntervalSec=60s
 
 [Service]
 User=pihole
+PermissionsStartOnly=true
 AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_NICE CAP_IPC_LOCK CAP_CHOWN CAP_SYS_TIME
 
-# Run prestart with elevated permissions
-ExecStartPre=+/opt/pihole/pihole-FTL-prestart.sh
+ExecStartPre=/opt/pihole/pihole-FTL-prestart.sh
 ExecStart=/usr/bin/pihole-FTL -f
 Restart=on-failure
 RestartSec=5s
 ExecReload=/bin/kill -HUP $MAINPID
-ExecStopPost=+/opt/pihole/pihole-FTL-poststop.sh
+ExecStopPost=/opt/pihole/pihole-FTL-poststop.sh
 
 # Use graceful shutdown with a reasonable timeout
-TimeoutStopSec=120s
+TimeoutStopSec=60s
 
 # Make /usr, /boot, /etc and possibly some more folders read-only...
 ProtectSystem=full

advanced/Templates/pihole.cron

@@ -24,7 +24,7 @@
 #          The flush script will use logrotate if available
 #          parameter "once": logrotate only once (default is twice)
 #          parameter "quiet": don't print messages
-00 00   * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole logrotate quiet
+00 00   * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole flush once quiet
 
 @reboot root /usr/sbin/logrotate --state /var/lib/logrotate/pihole /etc/pihole/logrotate
 

automated install/basic-install.sh

@@ -84,7 +84,7 @@ webInterfaceDir="${webroot}/admin"
 piholeGitUrl="https://github.com/pi-hole/pi-hole.git"
 PI_HOLE_LOCAL_REPO="/etc/.pihole"
 # List of pihole scripts, stored in an array
-PI_HOLE_FILES=(list piholeDebug piholeLogFlush piholeLogRotate setupLCD update version gravity uninstall webpage)
+PI_HOLE_FILES=(list piholeDebug piholeLogFlush setupLCD update version gravity uninstall webpage)
 # This directory is where the Pi-hole scripts will be installed
 PI_HOLE_INSTALL_DIR="/opt/pihole"
 PI_HOLE_CONFIG_DIR="/etc/pihole"
@@ -116,11 +116,11 @@ c=70
 PIHOLE_META_PACKAGE_CONTROL_APT=$(
     cat <<EOM
 Package: pihole-meta
-Version: 0.6
+Version: 0.5
 Maintainer: Pi-hole team <adblock@pi-hole.net>
 Architecture: all
 Description: Pi-hole dependency meta package
-Depends: awk,bash-completion,binutils,ca-certificates,cron|cron-daemon,curl,dialog,bind9-dnsutils|dnsutils,dns-root-data,git,grep,iproute2,iputils-ping,jq,libcap2,libcap2-bin,lshw,procps,psmisc,sudo,unzip
+Depends: awk,bash-completion,binutils,ca-certificates,cron|cron-daemon,curl,dialog,dnsutils,dns-root-data,git,grep,iproute2,iputils-ping,jq,libcap2,libcap2-bin,lshw,procps,psmisc,sudo,unzip
 Section: contrib/metapackages
 Priority: optional
 EOM
@@ -155,7 +155,7 @@ EOM
 )
 
 # List of required packages on APK based systems
-PIHOLE_META_VERSION_APK=0.2
+PIHOLE_META_VERSION_APK=0.1
 PIHOLE_META_DEPS_APK=(
     bash
     bash-completion
@@ -165,8 +165,6 @@ PIHOLE_META_DEPS_APK=(
     cronie
     curl
     dialog
-    doas # sudo replacement
-    doas-sudo-shim
     git
     grep
     iproute2-minimal # piholeARPTable.sh
@@ -180,8 +178,10 @@ PIHOLE_META_DEPS_APK=(
     procps-ng
     psmisc
     shadow
+    sudo
     tzdata
     unzip
+    wget
 )
 
 ######## Undocumented Flags. Shhh ########
@@ -189,27 +189,14 @@ PIHOLE_META_DEPS_APK=(
 # The runUnattended flag is one example of this
 repair=false
 runUnattended=false
-skipFTL=false
 # Check arguments for the undocumented flags
 for var in "$@"; do
     case "${var}" in
     "--repair") repair=true ;;
     "--unattended") runUnattended=true ;;
-    "--skipFTL") skipFTL=true ;;
     esac
 done
 
-if [[ "${runUnattended}" == true ]]; then
-    # In order to run an unattended setup, a pre-seeded /etc/pihole/pihole.toml must exist
-    if [[ ! -f "${PI_HOLE_CONFIG_DIR}/pihole.toml" ]]; then
-        printf "  %b Error: \"%s\" not found. Cannot run unattended setup\\n" "${CROSS}" "${PI_HOLE_CONFIG_DIR}/pihole.toml"
-        exit 1
-    fi
-    printf "  %b Performing unattended setup, no dialogs will be displayed\\n" "${INFO}"
-    # also disable debconf-apt-progress dialogs
-    export DEBIAN_FRONTEND="noninteractive"
-fi
-
 # If the color table file exists,
 if [[ -f "${coltable}" ]]; then
     # source it
@@ -707,11 +694,10 @@ chooseInterface() {
             status="OFF"
         done
         # Disable check for double quote here as we are passing a string with spaces
-        # shellcheck disable=SC2086
         PIHOLE_INTERFACE=$(dialog --no-shadow --keep-tite --output-fd 1 \
             --cancel-label "Exit" --ok-label "Select" \
             --radiolist "Choose An Interface (press space to toggle selection)" \
-            ${r} ${c} "${interfaceCount}" ${interfacesList})
+            ${r} ${c} "${interfaceCount}" "${interfacesList}")
 
         result=$?
         case ${result} in
@@ -1265,6 +1251,10 @@ install_manpage() {
         # if not present, create man8 directory
         install -d -m 755 /usr/local/share/man/man8
     fi
+    if [[ ! -d "/usr/local/share/man/man5" ]]; then
+        # if not present, create man5 directory
+        install -d -m 755 /usr/local/share/man/man5
+    fi
     # Testing complete, copy the files & update the man db
     install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/manpages/pihole.8 /usr/local/share/man/man8/pihole.8
 
@@ -1817,12 +1807,6 @@ clone_or_reset_repos() {
     # If the user wants to repair/update,
     if [[ "${repair}" == true ]]; then
         printf "  %b Resetting local repos\\n" "${INFO}"
-
-        # import getFTLConfigValue from utils.sh
-        source "/opt/pihole/utils.sh"
-        # Use the configured Web repo location on repair/update
-        webInterfaceDir=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome")
-
         # Reset the Core repo
         resetRepo ${PI_HOLE_LOCAL_REPO} ||
             {
@@ -1964,18 +1948,9 @@ get_binary_name() {
 
     # If the machine is aarch64 (armv8)
     if [[ "${machine}" == "aarch64" ]]; then
-        if [[ "$(getconf LONG_BIT)" == "64" ]]; then
-            # If the OS is 64 bit, we use the arm64 binary
-            printf "%b  %b Detected AArch64 (64 Bit ARM) architecture\\n" "${OVER}" "${TICK}"
-            l_binary="pihole-FTL-arm64"
-        else
-            # If the OS is 32 bit, we use the armv7 binary (aarch64 is actually armv8)
-            # Even though the machine is 64 bit capable, this makes debugging
-            # very hard as 32bit tools like gdb, etc. cannot analyze the 64 bit
-            # binary. See FTL issue #2494 for such an example.
-            printf "%b  %b Detected AArch64 (64 Bit ARM) architecture with 32 bit OS\\n" "${OVER}" "${TICK}"
-            l_binary="pihole-FTL-armv7"
-        fi
+        # If AArch64 is found (e.g., BCM2711 in Raspberry Pi 4)
+        printf "%b  %b Detected AArch64 (64 Bit ARM) architecture\\n" "${OVER}" "${TICK}"
+        l_binary="pihole-FTL-arm64"
     elif [[ "${machine}" == "arm"* ]]; then
         # ARM 32 bit
         # Get supported processor from other binaries installed on the system
@@ -2345,18 +2320,21 @@ main() {
 
     # Check if there is a usable FTL binary available on this architecture - do
     # this early on as FTL is a hard dependency for Pi-hole
-    # Allow the user to skip this check if they are using a self-compiled FTL binary from an unsupported architecture
-    if [ "${skipFTL}" != true ]; then
-        # Get the binary name for the current architecture
-        local funcOutput
-        funcOutput=$(get_binary_name) #Store output of get_binary_name here
-        # Abort early if this processor is not supported (get_binary_name returns empty string)
-        if [[ "${funcOutput}" == "" ]]; then
-            printf "  %b Upgrade/install aborted\\n" "${CROSS}" "${DISTRO_NAME}"
-            exit 1
+    local funcOutput
+    funcOutput=$(get_binary_name) #Store output of get_binary_name here
+    # Abort early if this processor is not supported (get_binary_name returns empty string)
+    if [[ "${funcOutput}" == "" ]]; then
+        printf "  %b Upgrade/install aborted\\n" "${CROSS}" "${DISTRO_NAME}"
+        exit 1
+    fi
+
+    if [[ "${fresh_install}" == false ]]; then
+        # if it's running unattended,
+        if [[ "${runUnattended}" == true ]]; then
+            printf "  %b Performing unattended setup, no dialogs will be displayed\\n" "${INFO}"
+            # also disable debconf-apt-progress dialogs
+            export DEBIAN_FRONTEND="noninteractive"
         fi
-    else
-        printf "  %b %b--skipFTL set - skipping architecture check%b\\n" "${INFO}" "${COL_YELLOW}" "${COL_NC}"
     fi
 
     if [[ "${fresh_install}" == true ]]; then
@@ -2389,18 +2367,13 @@ main() {
     create_pihole_user
 
     # Download and install FTL
-    # Allow the user to skip this check if they are using a self-compiled FTL binary from an unsupported architecture
-    if [ "${skipFTL}" != true ]; then
-        local binary
-        binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL)
-        local theRest
-        theRest="${funcOutput%pihole-FTL*}" # Print the rest of get_binary_name's output to display (cut out from first instance of "pihole-FTL")
-        if ! FTLdetect "${binary}" "${theRest}"; then
-            printf "  %b FTL Engine not installed\\n" "${CROSS}"
-            exit 1
-        fi
-    else
-        printf "  %b %b--skipFTL set - skipping FTL binary installation%b\\n" "${INFO}" "${COL_YELLOW}" "${COL_NC}"
+    local binary
+    binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL)
+    local theRest
+    theRest="${funcOutput%pihole-FTL*}" # Print the rest of get_binary_name's output to display (cut out from first instance of "pihole-FTL")
+    if ! FTLdetect "${binary}" "${theRest}"; then
+        printf "  %b FTL Engine not installed\\n" "${CROSS}"
+        exit 1
     fi
 
     # Install and log everything to a file

gravity.sh

@@ -611,8 +611,8 @@ compareLists() {
 # Download specified URL and perform checks on HTTP status and file content
 gravity_DownloadBlocklistFromUrl() {
   local url="${1}" adlistID="${2}" saveLocation="${3}" compression="${4}" gravity_type="${5}" domain="${6}"
-  local listCurlBuffer str httpCode success="" ip customUpstreamResolver=""
-  local file_path ip_addr port blocked=false download=true
+  local listCurlBuffer str curlJson httpCode curlErrorMsg="" curlExitCode="" success="" ip customUpstreamResolver=""
+  local file_path permissions ip_addr port blocked=false download=true
   # modifiedOptions is an array to store all the options used to check if the adlist has been changed upstream
   local modifiedOptions=()
 
@@ -721,54 +721,48 @@ gravity_DownloadBlocklistFromUrl() {
     fi
   fi
 
-  # If we "download" a local file (file://), verify read access before using it.
-    # When running as root (e.g., via pihole -g), check that the 'pihole' user can read the file
-    # to match the effective runtime user of FTL; otherwise, check the current user's read access
-    # (e.g., in Docker or when invoked by a non-root user). The target must
-    # resolve to a regular file and be readable by the evaluated user.
-  if [[ "${url}" == "file:/"* ]]; then
+  # If we are going to "download" a local file, we first check if the target
+  # file has a+r permission. We explicitly check for all+read because we want
+  # to make sure that the file is readable by everyone and not just the user
+  # running the script.
+  if [[ $url == "file://"* ]]; then
     # Get the file path
-    file_path=$(echo "${url}" | cut -d'/' -f3-)
+    file_path=$(echo "$url" | cut -d'/' -f3-)
     # Check if the file exists and is a regular file (i.e. not a socket, fifo, tty, block). Might still be a symlink.
-    if [[ ! -f ${file_path} ]]; then
-        # Output that the file does not exist
-        echo -e "${OVER}  ${CROSS} ${file_path} does not exist"
-        download=false
+    if [[ ! -f $file_path ]]; then
+      # Output that the file does not exist
+      echo -e "${OVER}  ${CROSS} ${file_path} does not exist"
+      download=false
     else
-        if [ "$(id -un)" == "root" ]; then
-            # If we are root, we need to check if the pihole user has read permission
-            #  otherwise, we might read files that the pihole user should not be able to read
-            if sudo -u pihole test -r "${file_path}"; then
-                echo -e "${OVER}  ${INFO} Using local file ${file_path}"
-            else
-                echo -e "${OVER}  ${CROSS} Cannot read file (user 'pihole' lacks read permission)"
-                download=false
-            fi
-        else
-            # If we are not root, we just check if the current user has read permission
-            if [[ -r "${file_path}" ]]; then
-                # Output that we are using the local file
-                echo -e "${OVER}  ${INFO} Using local file ${file_path}"
-            else
-                # Output that the file is not readable by the current user
-                echo -e "${OVER}  ${CROSS} Cannot read file (current user '$(id -un)' lacks read permission)"
-                download=false
-            fi
-        fi
+      # Check if the file or a file referenced by the symlink has a+r permissions
+      permissions=$(stat -L -c "%a" "$file_path")
+      if [[ $permissions == *4 || $permissions == *5 || $permissions == *6 || $permissions == *7 ]]; then
+        # Output that we are using the local file
+        echo -e "${OVER}  ${INFO} Using local file ${file_path}"
+      else
+        # Output that the file does not have the correct permissions
+        echo -e "${OVER}  ${CROSS} Cannot read file (file needs to have a+r permission)"
+        download=false
+      fi
     fi
   fi
 
   # Check for allowed protocols
   if [[ $url != "http"* && $url != "https"* && $url != "file"* && $url != "ftp"* && $url != "ftps"* && $url != "sftp"* ]]; then
     echo -e "${OVER}  ${CROSS} ${str} Invalid protocol specified. Ignoring list."
-    echo -e "      Ensure your URL starts with a valid protocol like http:// , https:// or file:// ."
+    echo -e "Ensure your URL starts with a valid protocol like http:// , https:// or file:// ."
     download=false
   fi
 
   if [[ "${download}" == true ]]; then
-    httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression:+${compression}} ${customUpstreamResolver:+${customUpstreamResolver}} "${modifiedOptions[@]}" -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null)
+    curlJson=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression:+${compression}} ${customUpstreamResolver:+${customUpstreamResolver}} "${modifiedOptions[@]}" -w "%{json}" "${url}" -o "${listCurlBuffer}")
   fi
 
+  # Retrieve the HTTP code, exit code and error message returned by curl command
+  httpCode=$(echo "${curlJson}" | jq '.http_code')
+  curlErrorMsg=$(echo "${curlJson}" | jq '.errormsg')
+  curlExitCode=$(echo "${curlJson}" | jq '.exitcode')
+
   case $url in
   # Did we "download" a local file?
   "file"*)
@@ -791,7 +785,6 @@ gravity_DownloadBlocklistFromUrl() {
       echo -e "${OVER}  ${TICK} ${str} No changes detected"
       success=true
       ;;
-    "000") echo -e "${OVER}  ${CROSS} ${str} Connection Refused" ;;
     "403") echo -e "${OVER}  ${CROSS} ${str} Forbidden" ;;
     "404") echo -e "${OVER}  ${CROSS} ${str} Not found" ;;
     "408") echo -e "${OVER}  ${CROSS} ${str} Time-out" ;;
@@ -800,7 +793,7 @@ gravity_DownloadBlocklistFromUrl() {
     "504") echo -e "${OVER}  ${CROSS} ${str} Connection Timed Out (Gateway)" ;;
     "521") echo -e "${OVER}  ${CROSS} ${str} Web Server Is Down (Cloudflare)" ;;
     "522") echo -e "${OVER}  ${CROSS} ${str} Connection Timed Out (Cloudflare)" ;;
-    *) echo -e "${OVER}  ${CROSS} ${str} ${url} (${httpCode})" ;;
+    *) echo -e "${OVER}  ${CROSS} ${str} Failure (exit_code=${COL_RED}${curlExitCode}${COL_NC} Msg: ${COL_CYAN}${curlErrorMsg}${COL_NC})" ;;
     esac
     ;;
   esac
@@ -822,10 +815,6 @@ gravity_DownloadBlocklistFromUrl() {
       fix_owner_permissions "${saveLocation}"
       # Compare lists if they are identical
       compareLists "${adlistID}" "${saveLocation}"
-      # Set permissions for the *.etag file
-      if [[ -f "${saveLocation}.etag" ]]; then
-          fix_owner_permissions "${saveLocation}.etag"
-      fi
       # Add domains to database table file
       pihole-FTL "${gravity_type}" parseList "${saveLocation}" "${gravityTEMPfile}" "${adlistID}"
       done="true"
@@ -962,7 +951,7 @@ database_recovery() {
   else
     echo -e "${OVER}  ${CROSS} ${str} - the following errors happened:"
     while IFS= read -r line; do echo "  - $line"; done <<<"$result"
-    echo -e "  ${CROSS} Recovery failed. Try \"pihole -g -r recreate\" instead."
+    echo -e "  ${CROSS} Recovery failed. Try \"pihole -r recreate\" instead."
     exit 1
   fi
   echo ""
@@ -1145,7 +1134,7 @@ fi
 
 if [[ "${forceDelete:-}" == true ]]; then
   str="Deleting existing list cache"
-  echo -ne "  ${INFO} ${str}..."
+  echo -ne "${INFO} ${str}..."
 
   rm "${listsCacheDir}/list.*" 2>/dev/null || true
   echo -e "${OVER}  ${TICK} ${str}"

manpages/pihole.8

@@ -100,12 +100,9 @@ Available commands and options:
       -c                Include a Pi-hole database integrity check
 .br
 
-\fB-f, flush\fR [quite]
+\fB-f, flush\fR
 .br
-    Flush the Pi-hole log and last 24h from the query database
-.br
-
-      quite           Suppress output
+    Flush the Pi-hole log
 .br
 
 \fB-r, repair\fR
@@ -245,14 +242,6 @@ Available commands and options:
       verbose           Show authentication and status messages
 .br
 
-\fBlogrotate\fR [quite]
-.br
-    Rotate Pi-hole's log files
-.br
-
-      quite           Suppress output
-.br
-
 .SH "EXAMPLE"
 
 Some usage examples

pihole

@@ -92,13 +92,8 @@ debugFunc() {
 }
 
 flushFunc() {
-    # unsupported in docker because it requires restarting FTL
-    if [ -n "${DOCKER_VERSION}" ]; then
-        unsupportedFunc
-    else
-        "${PI_HOLE_SCRIPT_DIR}"/piholeLogFlush.sh "$@"
-        exit 0
-    fi
+  "${PI_HOLE_SCRIPT_DIR}"/piholeLogFlush.sh "$@"
+  exit 0
 }
 
 # Deprecated function, should be removed in the future
@@ -110,11 +105,6 @@ arpFunc() {
   exit 0
 }
 
-logrotateFunc() {
-   "${PI_HOLE_SCRIPT_DIR}"/piholeLogRotate.sh "$@"
-    exit 0
-}
-
 networkFlush() {
   shift
   "${PI_HOLE_SCRIPT_DIR}"/piholeNetworkFlush.sh "$@"
@@ -135,22 +125,7 @@ repairPiholeFunc() {
   if [ -n "${DOCKER_VERSION}" ]; then
     unsupportedFunc
   else
-    local skipFTL additionalFlag
-    skipFTL=false
-    # Check arguments
-    for var in "$@"; do
-        case "$var" in
-            "--skipFTL") skipFTL=true ;;
-        esac
-    done
-
-    if [ "${skipFTL}" == true ]; then
-        additionalFlag="--skipFTL"
-    else
-        additionalFlag=""
-    fi
-
-    /etc/.pihole/automated\ install/basic-install.sh --repair ${additionalFlag}
+    /etc/.pihole/automated\ install/basic-install.sh --repair
     exit 0;
   fi
 }
@@ -527,8 +502,7 @@ Debugging Options:
   -d, debug           Start a debugging session
                         Add '-c' or '--check-database' to include a Pi-hole database integrity check
                         Add '-a' to automatically upload the log to tricorder.pi-hole.net
-  -f, flush           Flush the Pi-hole logs and last 24h from the query database
-                        Add 'quiet' to suppress output messages
+  -f, flush           Flush the Pi-hole log
   -r, repair          Repair Pi-hole subsystems
   -t, tail [arg]      View the live output of the Pi-hole log.
                       Add an optional argument to filter the log
@@ -561,9 +535,7 @@ Options:
   checkout            Switch Pi-hole subsystems to a different GitHub branch
                         Add '-h' for more info on checkout usage
   networkflush        Flush information stored in Pi-hole's network tables
-                        Add '--arp' to additionally flush the ARP table
-  logrotate          Rotate Pi-hole's log files
-                        Add 'quiet' to suppress output messages";
+                        Add '--arp' to additionally flush the ARP table ";
   exit 0
 }
 
@@ -606,7 +578,6 @@ case "${1}" in
   "arpflush"                      ) need_root=true;; # Deprecated, use networkflush instead
   "networkflush"                  ) need_root=true;;
   "-t" | "tail"                   ) need_root=true;;
-  "logrotate"                    ) need_root=true;;
   *                               ) helpFunc;;
 esac
 
@@ -630,7 +601,7 @@ case "${1}" in
   "-d" | "debug"                  ) debugFunc "$@";;
   "-f" | "flush"                  ) flushFunc "$@";;
   "-up" | "updatePihole"          ) updatePiholeFunc "$@";;
-  "-r"  | "repair"                ) repairPiholeFunc "$@";;
+  "-r"  | "repair"                ) repairPiholeFunc;;
   "-g" | "updateGravity"          ) updateGravityFunc "$@";;
   "-l" | "logging"                ) piholeLogging "$@";;
   "uninstall"                     ) uninstallFunc;;
@@ -642,6 +613,5 @@ case "${1}" in
   "arpflush"                      ) arpFunc "$@";; # Deprecated, use networkflush instead
   "networkflush"                  ) networkFlush "$@";;
   "-t" | "tail"                   ) tailFunc "$2";;
-  "logrotate"                     ) logrotateFunc "$@";;
   *                               ) helpFunc;;
 esac

test/_alpine_3_23.Dockerfile

@@ -1,18 +0,0 @@
-FROM alpine:3.23
-
-ENV GITDIR=/etc/.pihole
-ENV SCRIPTDIR=/opt/pihole
-RUN sed -i 's/#\(.*\/community\)/\1/' /etc/apk/repositories
-RUN apk --no-cache add bash coreutils curl git jq openrc shadow
-
-RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
-ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
-ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
-
-RUN true && \
-    chmod +x $SCRIPTDIR/*
-
-ENV SKIP_INSTALL=true
-
-#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_fedora_43.Dockerfile

@@ -1,17 +0,0 @@
-FROM fedora:43
-RUN dnf install -y git initscripts
-
-ENV GITDIR=/etc/.pihole
-ENV SCRIPTDIR=/opt/pihole
-
-RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
-ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
-ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
-
-RUN true && \
-    chmod +x $SCRIPTDIR/*
-
-ENV SKIP_INSTALL=true
-
-#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/conftest.py

@@ -51,19 +51,29 @@ def mock_command(script, args, container):
     in unit tests
     """
     full_script_path = "/usr/local/bin/{}".format(script)
-    mock_script = dedent(r"""\
+    mock_script = dedent(
+        r"""\
     #!/bin/bash -e
     echo "\$0 \$@" >> /var/log/{script}
-    case "\$1" in""".format(script=script))
+    case "\$1" in""".format(
+            script=script
+        )
+    )
     for k, v in args.items():
-        case = dedent("""
+        case = dedent(
+            """
         {arg})
         echo {res}
         exit {retcode}
-        ;;""".format(arg=k, res=v[0], retcode=v[1]))
+        ;;""".format(
+                arg=k, res=v[0], retcode=v[1]
+            )
+        )
         mock_script += case
-    mock_script += dedent("""
-    esac""")
+    mock_script += dedent(
+        """
+    esac"""
+    )
     container.run(
         """
     cat <<EOF> {script}\n{content}\nEOF
@@ -84,23 +94,37 @@ def mock_command_passthrough(script, args, container):
     """
     orig_script_path = container.check_output("command -v {}".format(script))
     full_script_path = "/usr/local/bin/{}".format(script)
-    mock_script = dedent(r"""\
+    mock_script = dedent(
+        r"""\
     #!/bin/bash -e
     echo "\$0 \$@" >> /var/log/{script}
-    case "\$1" in""".format(script=script))
+    case "\$1" in""".format(
+            script=script
+        )
+    )
     for k, v in args.items():
-        case = dedent("""
+        case = dedent(
+            """
         {arg})
         echo {res}
         exit {retcode}
-        ;;""".format(arg=k, res=v[0], retcode=v[1]))
+        ;;""".format(
+                arg=k, res=v[0], retcode=v[1]
+            )
+        )
         mock_script += case
-    mock_script += dedent(r"""
+    mock_script += dedent(
+        r"""
     *)
     {orig_script_path} "\$@"
-    ;;""".format(orig_script_path=orig_script_path))
-    mock_script += dedent("""
-    esac""")
+    ;;""".format(
+            orig_script_path=orig_script_path
+        )
+    )
+    mock_script += dedent(
+        """
+    esac"""
+    )
     container.run(
         """
     cat <<EOF> {script}\n{content}\nEOF
@@ -117,19 +141,29 @@ def mock_command_run(script, args, container):
     in unit tests
     """
     full_script_path = "/usr/local/bin/{}".format(script)
-    mock_script = dedent(r"""\
+    mock_script = dedent(
+        r"""\
     #!/bin/bash -e
     echo "\$0 \$@" >> /var/log/{script}
-    case "\$1 \$2" in""".format(script=script))
+    case "\$1 \$2" in""".format(
+            script=script
+        )
+    )
     for k, v in args.items():
-        case = dedent("""
+        case = dedent(
+            """
         \"{arg}\")
         echo {res}
         exit {retcode}
-        ;;""".format(arg=k, res=v[0], retcode=v[1]))
+        ;;""".format(
+                arg=k, res=v[0], retcode=v[1]
+            )
+        )
         mock_script += case
-    mock_script += dedent(r"""
-    esac""")
+    mock_script += dedent(
+        """
+    esac"""
+    )
     container.run(
         """
     cat <<EOF> {script}\n{content}\nEOF
@@ -146,19 +180,29 @@ def mock_command_2(script, args, container):
     in unit tests
     """
     full_script_path = "/usr/local/bin/{}".format(script)
-    mock_script = dedent(r"""\
+    mock_script = dedent(
+        r"""\
     #!/bin/bash -e
     echo "\$0 \$@" >> /var/log/{script}
-    case "\$1 \$2" in""".format(script=script))
+    case "\$1 \$2" in""".format(
+            script=script
+        )
+    )
     for k, v in args.items():
-        case = dedent("""
+        case = dedent(
+            """
         \"{arg}\")
         echo \"{res}\"
         exit {retcode}
-        ;;""".format(arg=k, res=v[0], retcode=v[1]))
+        ;;""".format(
+                arg=k, res=v[0], retcode=v[1]
+            )
+        )
         mock_script += case
-    mock_script += dedent(r"""
-    esac""")
+    mock_script += dedent(
+        """
+    esac"""
+    )
     container.run(
         """
     cat <<EOF> {script}\n{content}\nEOF

test/requirements.txt

@@ -1,6 +1,6 @@
 pyyaml == 6.0.3
-pytest == 9.0.2
+pytest == 8.4.2
 pytest-xdist == 3.8.0
 pytest-testinfra == 10.2.2
-tox == 4.49.1
+tox == 4.31.0
 pytest-clarity == 1.0.1

test/test_any_automated_install.py

@@ -6,8 +6,10 @@ from .conftest import (
     info_box,
     cross_box,
     mock_command,
+    mock_command_run,
     mock_command_2,
     mock_command_passthrough,
+    run_script,
 )
 
 FTL_BRANCH = "development"
@@ -21,10 +23,12 @@ def test_supported_package_manager(host):
     host.run("rm -rf /usr/bin/apt-get")
     host.run("rm -rf /usr/bin/rpm")
     host.run("rm -rf /sbin/apk")
-    package_manager_detect = host.run("""
+    package_manager_detect = host.run(
+        """
     source /opt/pihole/basic-install.sh
     package_manager_detect
-    """)
+    """
+    )
     expected_stdout = cross_box + " No supported package manager found"
     assert expected_stdout in package_manager_detect.stdout
     # assert package_manager_detect.rc == 1
@@ -34,11 +38,13 @@ def test_selinux_not_detected(host):
     """
     confirms installer continues when SELinux configuration file does not exist
     """
-    check_selinux = host.run("""
+    check_selinux = host.run(
+        """
     rm -f /etc/selinux/config
     source /opt/pihole/basic-install.sh
     checkSelinux
-    """)
+    """
+    )
     expected_stdout = info_box + " SELinux not detected"
     assert expected_stdout in check_selinux.stdout
     assert check_selinux.rc == 0
@@ -89,7 +95,8 @@ def test_installPihole_fresh_install_readableFiles(host):
     host.run("command -v apk > /dev/null && apk add mandoc man-pages")
     # Workaround to get FTLv6 installed until it reaches master branch
     host.run('echo "' + FTL_BRANCH + '" > /etc/pihole/ftlbranch')
-    install = host.run("""
+    install = host.run(
+        """
     export TERM=xterm
     export DEBIAN_FRONTEND=noninteractive
     umask 0027
@@ -98,7 +105,8 @@ def test_installPihole_fresh_install_readableFiles(host):
     runUnattended=true
     main
     /opt/pihole/pihole-FTL-prestart.sh
-    """)
+    """
+    )
     assert 0 == install.rc
     maninstalled = True
     if (info_box + " man not installed") in install.stdout:
@@ -154,6 +162,12 @@ def test_installPihole_fresh_install_readableFiles(host):
         check_man = test_cmd.format("r", "/usr/local/share/man/man8", piholeuser)
         actual_rc = host.run(check_man).rc
         assert exit_status_success == actual_rc
+        check_man = test_cmd.format("x", "/usr/local/share/man/man5", piholeuser)
+        actual_rc = host.run(check_man).rc
+        assert exit_status_success == actual_rc
+        check_man = test_cmd.format("r", "/usr/local/share/man/man5", piholeuser)
+        actual_rc = host.run(check_man).rc
+        assert exit_status_success == actual_rc
         check_man = test_cmd.format(
             "r", "/usr/local/share/man/man8/pihole.8", piholeuser
         )
@@ -187,11 +201,13 @@ def test_update_package_cache_success_no_errors(host):
     """
     confirms package cache was updated without any errors
     """
-    updateCache = host.run("""
+    updateCache = host.run(
+        """
     source /opt/pihole/basic-install.sh
     package_manager_detect
     update_package_cache
-    """)
+    """
+    )
     expected_stdout = tick_box + " Update local cache of available packages"
     assert expected_stdout in updateCache.stdout
     assert "error" not in updateCache.stdout.lower()
@@ -202,11 +218,13 @@ def test_update_package_cache_failure_no_errors(host):
     confirms package cache was not updated
     """
     mock_command("apt-get", {"update": ("", "1")}, host)
-    updateCache = host.run("""
+    updateCache = host.run(
+        """
     source /opt/pihole/basic-install.sh
     package_manager_detect
     update_package_cache
-    """)
+    """
+    )
     expected_stdout = cross_box + " Update local cache of available packages"
     assert expected_stdout in updateCache.stdout
     assert "Error: Unable to update package cache." in updateCache.stdout
@@ -242,14 +260,16 @@ def test_FTL_detect_no_errors(host, arch, detected_string, supported):
         host,
     )
     host.run('echo "' + FTL_BRANCH + '" > /etc/pihole/ftlbranch')
-    detectPlatform = host.run("""
+    detectPlatform = host.run(
+        """
     source /opt/pihole/basic-install.sh
     create_pihole_user
     funcOutput=$(get_binary_name)
     binary="pihole-FTL${funcOutput##*pihole-FTL}"
     theRest="${funcOutput%pihole-FTL*}"
     FTLdetect "${binary}" "${theRest}"
-    """)
+    """
+    )
     if supported:
         expected_stdout = info_box + " FTL Checks..."
         assert expected_stdout in detectPlatform.stdout
@@ -269,18 +289,22 @@ def test_FTL_development_binary_installed_and_responsive_no_errors(host):
     confirms FTL development binary is copied and functional in installed location
     """
     host.run('echo "' + FTL_BRANCH + '" > /etc/pihole/ftlbranch')
-    host.run("""
+    host.run(
+        """
     source /opt/pihole/basic-install.sh
     create_pihole_user
     funcOutput=$(get_binary_name)
     binary="pihole-FTL${funcOutput##*pihole-FTL}"
     theRest="${funcOutput%pihole-FTL*}"
     FTLdetect "${binary}" "${theRest}"
-    """)
-    version_check = host.run("""
+    """
+    )
+    version_check = host.run(
+        """
     VERSION=$(pihole-FTL version)
     echo ${VERSION:0:1}
-    """)
+    """
+    )
     expected_stdout = "v"
     assert expected_stdout in version_check.stdout
 
@@ -295,10 +319,12 @@ def test_IPv6_only_link_local(host):
         {"-6 address": ("inet6 fe80::d210:52fa:fe00:7ad7/64 scope link", "0")},
         host,
     )
-    detectPlatform = host.run("""
+    detectPlatform = host.run(
+        """
     source /opt/pihole/basic-install.sh
     find_IPv6_information
-    """)
+    """
+    )
     expected_stdout = "Unable to find IPv6 ULA/GUA address"
     assert expected_stdout in detectPlatform.stdout
 
@@ -318,10 +344,12 @@ def test_IPv6_only_ULA(host):
         },
         host,
     )
-    detectPlatform = host.run("""
+    detectPlatform = host.run(
+        """
     source /opt/pihole/basic-install.sh
     find_IPv6_information
-    """)
+    """
+    )
     expected_stdout = "Found IPv6 ULA address"
     assert expected_stdout in detectPlatform.stdout
 
@@ -341,10 +369,12 @@ def test_IPv6_only_GUA(host):
         },
         host,
     )
-    detectPlatform = host.run("""
+    detectPlatform = host.run(
+        """
     source /opt/pihole/basic-install.sh
     find_IPv6_information
-    """)
+    """
+    )
     expected_stdout = "Found IPv6 GUA address"
     assert expected_stdout in detectPlatform.stdout
 
@@ -365,10 +395,12 @@ def test_IPv6_GUA_ULA_test(host):
         },
         host,
     )
-    detectPlatform = host.run("""
+    detectPlatform = host.run(
+        """
     source /opt/pihole/basic-install.sh
     find_IPv6_information
-    """)
+    """
+    )
     expected_stdout = "Found IPv6 ULA address"
     assert expected_stdout in detectPlatform.stdout
 
@@ -389,10 +421,12 @@ def test_IPv6_ULA_GUA_test(host):
         },
         host,
     )
-    detectPlatform = host.run("""
+    detectPlatform = host.run(
+        """
     source /opt/pihole/basic-install.sh
     find_IPv6_information
-    """)
+    """
+    )
     expected_stdout = "Found IPv6 ULA address"
     assert expected_stdout in detectPlatform.stdout
 
@@ -403,10 +437,14 @@ def test_validate_ip(host):
     """
 
     def test_address(addr, success=True):
-        output = host.run("""
+        output = host.run(
+            """
         source /opt/pihole/basic-install.sh
         valid_ip "{addr}"
-        """.format(addr=addr))
+        """.format(
+                addr=addr
+            )
+        )
 
         assert output.rc == 0 if success else 1
 
@@ -441,13 +479,15 @@ def test_validate_ip(host):
 def test_package_manager_has_pihole_deps(host):
     """Confirms OS is able to install the required packages for Pi-hole"""
     mock_command("dialog", {"*": ("", "0")}, host)
-    output = host.run("""
+    output = host.run(
+        """
     source /opt/pihole/basic-install.sh
     package_manager_detect
     update_package_cache
     build_dependency_package
     install_dependent_packages
-    """)
+    """
+    )
 
     assert "No package" not in output.stdout
     assert output.rc == 0
@@ -456,17 +496,21 @@ def test_package_manager_has_pihole_deps(host):
 def test_meta_package_uninstall(host):
     """Confirms OS is able to install and uninstall the Pi-hole meta package"""
     mock_command("dialog", {"*": ("", "0")}, host)
-    install = host.run("""
+    install = host.run(
+        """
     source /opt/pihole/basic-install.sh
     package_manager_detect
     update_package_cache
     build_dependency_package
     install_dependent_packages
-    """)
+    """
+    )
     assert install.rc == 0
 
-    uninstall = host.run("""
+    uninstall = host.run(
+        """
     source /opt/pihole/uninstall.sh
     removeMetaPackage
-    """)
+    """
+    )
     assert uninstall.rc == 0

test/test_any_utils.py

@@ -1,26 +1,31 @@
 def test_key_val_replacement_works(host):
     """Confirms addOrEditKeyValPair either adds or replaces a key value pair in a given file"""
-    host.run("""
+    host.run(
+        """
     source /opt/pihole/utils.sh
-    touch ./testoutput
     addOrEditKeyValPair "./testoutput" "KEY_ONE" "value1"
     addOrEditKeyValPair "./testoutput" "KEY_TWO" "value2"
     addOrEditKeyValPair "./testoutput" "KEY_ONE" "value3"
     addOrEditKeyValPair "./testoutput" "KEY_FOUR" "value4"
-    """)
-    output = host.run("""
+    """
+    )
+    output = host.run(
+        """
     cat ./testoutput
-    """)
+    """
+    )
     expected_stdout = "KEY_ONE=value3\nKEY_TWO=value2\nKEY_FOUR=value4\n"
     assert expected_stdout == output.stdout
 
 
 def test_getFTLPID_default(host):
     """Confirms getFTLPID returns the default value if FTL is not running"""
-    output = host.run("""
+    output = host.run(
+        """
     source /opt/pihole/utils.sh
     getFTLPID
-    """)
+    """
+    )
     expected_stdout = "-1\n"
     assert expected_stdout == output.stdout
 
@@ -31,7 +36,8 @@ def test_setFTLConfigValue_getFTLConfigValue(host):
     Requires FTL to be installed, so we do that first
     (taken from test_FTL_development_binary_installed_and_responsive_no_errors)
     """
-    host.run("""
+    host.run(
+        """
     source /opt/pihole/basic-install.sh
     create_pihole_user
     funcOutput=$(get_binary_name)
@@ -39,12 +45,15 @@ def test_setFTLConfigValue_getFTLConfigValue(host):
     binary="pihole-FTL${funcOutput##*pihole-FTL}"
     theRest="${funcOutput%pihole-FTL*}"
     FTLdetect "${binary}" "${theRest}"
-    """)
+    """
+    )
 
-    output = host.run("""
+    output = host.run(
+        """
     source /opt/pihole/utils.sh
     setFTLConfigValue "dns.upstreams" '["9.9.9.9"]' > /dev/null
     getFTLConfigValue "dns.upstreams"
-    """)
+    """
+    )
 
     assert "[ 9.9.9.9 ]" in output.stdout

test/test_centos_fedora_common_support.py

@@ -15,10 +15,14 @@ def mock_selinux_config(state, host):
     # getenforce returns the running state of SELinux
     mock_command("getenforce", {"*": (state.capitalize(), "0")}, host)
     # create mock configuration with desired content
-    host.run("""
+    host.run(
+        """
     mkdir /etc/selinux
     echo "SELINUX={state}" > /etc/selinux/config
-    """.format(state=state.lower()))
+    """.format(
+            state=state.lower()
+        )
+    )
 
 
 def test_selinux_enforcing_exit(host):
@@ -26,10 +30,12 @@ def test_selinux_enforcing_exit(host):
     confirms installer prompts to exit when SELinux is Enforcing by default
     """
     mock_selinux_config("enforcing", host)
-    check_selinux = host.run("""
+    check_selinux = host.run(
+        """
     source /opt/pihole/basic-install.sh
     checkSelinux
-    """)
+    """
+    )
     expected_stdout = cross_box + " Current SELinux: enforcing"
     assert expected_stdout in check_selinux.stdout
     expected_stdout = "SELinux Enforcing detected, exiting installer"
@@ -42,10 +48,12 @@ def test_selinux_permissive(host):
     confirms installer continues when SELinux is Permissive
     """
     mock_selinux_config("permissive", host)
-    check_selinux = host.run("""
+    check_selinux = host.run(
+        """
     source /opt/pihole/basic-install.sh
     checkSelinux
-    """)
+    """
+    )
     expected_stdout = tick_box + " Current SELinux: permissive"
     assert expected_stdout in check_selinux.stdout
     assert check_selinux.rc == 0
@@ -56,10 +64,12 @@ def test_selinux_disabled(host):
     confirms installer continues when SELinux is Disabled
     """
     mock_selinux_config("disabled", host)
-    check_selinux = host.run("""
+    check_selinux = host.run(
+        """
     source /opt/pihole/basic-install.sh
     checkSelinux
-    """)
+    """
+    )
     expected_stdout = tick_box + " Current SELinux: disabled"
     assert expected_stdout in check_selinux.stdout
     assert check_selinux.rc == 0

test/tox.alpine_3_23.ini

@@ -1,10 +0,0 @@
-[tox]
-envlist = py3
-
-[testenv:py3]
-allowlist_externals = docker
-deps = -rrequirements.txt
-setenv =
-    COLUMNS=120
-commands = docker buildx build --load --progress plain -f _alpine_3_23.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py

test/tox.fedora_43.ini

@@ -1,10 +0,0 @@
-[tox]
-envlist = py3
-
-[testenv]
-allowlist_externals = docker
-deps = -rrequirements.txt
-setenv =
-    COLUMNS=120
-commands = docker buildx build --load --progress plain -f _fedora_43.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py