Merge pull request 'docker_disable_flush' (#12 ) from docker_disable_flush into master

Reviewed-on: #12
Merge branch 'master' into docker_disable_flush
2026-03-18 14:09:43 +00:00 · 2026-03-18 14:09:34 +00:00 · 2026-03-18 14:09:03 +00:00 · 2026-03-18 14:08:55 +00:00 · 2026-03-18 14:08:37 +00:00 · 2026-03-18 14:08:30 +00:00
11 changed files with 145 additions and 80 deletions
--- a/advanced/Scripts/piholeLogFlush.sh
+++ b/advanced/Scripts/piholeLogFlush.sh
@@ -17,11 +17,6 @@ utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
 # shellcheck source="./advanced/Scripts/utils.sh"
 source "${utilsfile}"

-# In case we're running at the same time as a system logrotate, use a
-# separate logrotate state file to prevent stepping on each other's
-# toes.
-STATEFILE="/var/lib/logrotate/pihole"
-
 # Determine database location
 DBFILE=$(getFTLConfigValue "files.database")
 if [ -z "$DBFILE" ]; then
@@ -42,25 +37,6 @@ if [ -z "$WEBFILE" ]; then
    WEBFILE="/var/log/pihole/webserver.log"
 fi

-# Helper function to handle log rotation for a single file
-rotate_log() {
-    # This function copies x.log over to x.log.1
-    # and then empties x.log
-    # Note that moving the file is not an option, as
-    # dnsmasq would happily continue writing into the
-    # moved file (it will have the same file handler)
-    local logfile="$1"
-    if [[ "$*" != *"quiet"* ]]; then
-        echo -ne "  ${INFO} Rotating ${logfile} ..."
-    fi
-    cp -p "${logfile}" "${logfile}.1"
-    echo " " > "${logfile}"
-    chmod 640 "${logfile}"
-    if [[ "$*" != *"quiet"* ]]; then
-        echo -e "${OVER}  ${TICK} Rotated ${logfile} ..."
-    fi
-}
-
 # Helper function to handle log flushing for a single file
 flush_log() {
    local logfile="$1"
@@ -78,41 +54,23 @@ flush_log() {
    fi
 }

-if [[ "$*" == *"once"* ]]; then
-    # Nightly logrotation
-    if command -v /usr/sbin/logrotate >/dev/null; then
-        # Logrotate once
+# Manual flushing
+flush_log "${LOGFILE}"
+flush_log "${FTLFILE}"
+flush_log "${WEBFILE}"

-        if [[ "$*" != *"quiet"* ]]; then
-            echo -ne "  ${INFO} Running logrotate ..."
-        fi
-        mkdir -p "${STATEFILE%/*}"
-        /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate
-    else
-        # Handle rotation for each log file
-        rotate_log "${LOGFILE}"
-        rotate_log "${FTLFILE}"
-        rotate_log "${WEBFILE}"
-    fi
-else
-    # Manual flushing
-    flush_log "${LOGFILE}"
-    flush_log "${FTLFILE}"
-    flush_log "${WEBFILE}"
-
-    if [[ "$*" != *"quiet"* ]]; then
-        echo -ne "  ${INFO} Flushing database, DNS resolution temporarily unavailable ..."
-    fi
-
-    # Stop FTL to make sure it doesn't write to the database while we're deleting data
-    service pihole-FTL stop
-
-    # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
-    deleted=$(pihole-FTL sqlite3 -ni "${DBFILE}" "DELETE FROM query_storage WHERE timestamp >= strftime('%s','now')-86400; select changes() from query_storage limit 1")
-
-    # Restart FTL
-    service pihole-FTL restart
-    if [[ "$*" != *"quiet"* ]]; then
-        echo -e "${OVER}  ${TICK} Deleted ${deleted} queries from long-term query database"
-    fi
+if [[ "$*" != *"quiet"* ]]; then
+    echo -ne "  ${INFO} Flushing database, DNS resolution temporarily unavailable ..."
+fi
+
+# Stop FTL to make sure it doesn't write to the database while we're deleting data
+service pihole-FTL stop
+
+# Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
+deleted=$(pihole-FTL sqlite3 -ni "${DBFILE}" "DELETE FROM query_storage WHERE timestamp >= strftime('%s','now')-86400; select changes() from query_storage limit 1")
+
+# Restart FTL
+service pihole-FTL restart
+if [[ "$*" != *"quiet"* ]]; then
+    echo -e "${OVER}  ${TICK} Deleted ${deleted} queries from long-term query database"
 fi
--- a/advanced/Scripts/piholeLogRotate.sh
+++ b/advanced/Scripts/piholeLogRotate.sh
@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2025 Pi-hole, LLC (https://pi-hole.net)
+# Network-wide ad blocking via your own hardware.
+#
+# Rotate Pi-hole's log file
+#
+# This file is copyright under the latest version of the EUPL.
+# Please see LICENSE file for your rights under this license.
+
+colfile="/opt/pihole/COL_TABLE"
+# shellcheck source="./advanced/Scripts/COL_TABLE"
+source ${colfile}
+
+readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
+utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+# shellcheck source="./advanced/Scripts/utils.sh"
+source "${utilsfile}"
+
+# In case we're running at the same time as a system logrotate, use a
+# separate logrotate state file to prevent stepping on each other's
+# toes.
+STATEFILE="/var/lib/logrotate/pihole"
+
+
+# Determine log file location
+LOGFILE=$(getFTLConfigValue "files.log.dnsmasq")
+if [ -z "$LOGFILE" ]; then
+    LOGFILE="/var/log/pihole/pihole.log"
+fi
+FTLFILE=$(getFTLConfigValue "files.log.ftl")
+if [ -z "$FTLFILE" ]; then
+    FTLFILE="/var/log/pihole/FTL.log"
+fi
+WEBFILE=$(getFTLConfigValue "files.log.webserver")
+if [ -z "$WEBFILE" ]; then
+    WEBFILE="/var/log/pihole/webserver.log"
+fi
+
+# Helper function to handle log rotation for a single file
+rotate_log() {
+    # This function copies x.log over to x.log.1
+    # and then empties x.log
+    # Note that moving the file is not an option, as
+    # dnsmasq would happily continue writing into the
+    # moved file (it will have the same file handler)
+    local logfile="$1"
+    if [[ "$*" != *"quiet"* ]]; then
+        echo -ne "  ${INFO} Rotating ${logfile} ..."
+    fi
+    cp -p "${logfile}" "${logfile}.1"
+    echo " " > "${logfile}"
+    chmod 640 "${logfile}"
+    if [[ "$*" != *"quiet"* ]]; then
+        echo -e "${OVER}  ${TICK} Rotated ${logfile} ..."
+    fi
+}
+
+# Nightly logrotation
+if command -v /usr/sbin/logrotate >/dev/null; then
+    # Logrotate once
+    if [[ "$*" != *"quiet"* ]]; then
+        echo -ne "  ${INFO} Running logrotate ..."
+    fi
+    mkdir -p "${STATEFILE%/*}"
+    /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate
+else
+    # Handle rotation for each log file
+    rotate_log "${LOGFILE}"
+    rotate_log "${FTLFILE}"
+    rotate_log "${WEBFILE}"
+fi
--- a/advanced/Scripts/updatecheck.sh
+++ b/advanced/Scripts/updatecheck.sh
@@ -50,9 +50,10 @@ rm -f "/etc/pihole/GitHubVersions"
 rm -f "/etc/pihole/localbranches"
 rm -f "/etc/pihole/localversions"

-# Create new versions file if it does not exist
 VERSION_FILE="/etc/pihole/versions"
-touch "${VERSION_FILE}"
+
+# Truncates the file to zero length if it exists to clear it up, otherwise creates an empty file.
+truncate -s 0 "${VERSION_FILE}"
 chmod 644 "${VERSION_FILE}"

 # if /pihole.docker.tag file exists, we will use it's value later in this script
--- a/advanced/Scripts/utils.sh
+++ b/advanced/Scripts/utils.sh
@@ -30,9 +30,6 @@ addOrEditKeyValPair() {
  local key="${2}"
  local value="${3}"

-  # touch file to prevent grep error if file does not exist yet
-  touch "${file}"
-
  if grep -q "^${key}=" "${file}"; then
    # Key already exists in file, modify the value
    sed -i "/^${key}=/c\\${key}=${value}" "${file}"
--- a/advanced/Templates/pihole-FTL.service
+++ b/advanced/Templates/pihole-FTL.service
@@ -57,9 +57,9 @@ start() {
 stop() {
  if is_running; then
    kill "${FTL_PID}"
-    # Give FTL 60 seconds to gracefully stop
+    # Give FTL 120 seconds to gracefully stop
    i=1
-    while [ "${i}" -le 60 ]; do
+    while [ "${i}" -le 120 ]; do
      if ! is_running; then
        break
      fi
--- a/advanced/Templates/pihole-FTL.systemd
+++ b/advanced/Templates/pihole-FTL.systemd
@@ -28,7 +28,7 @@ ExecReload=/bin/kill -HUP $MAINPID
 ExecStopPost=+/opt/pihole/pihole-FTL-poststop.sh

 # Use graceful shutdown with a reasonable timeout
-TimeoutStopSec=60s
+TimeoutStopSec=120s

 # Make /usr, /boot, /etc and possibly some more folders read-only...
 ProtectSystem=full
--- a/advanced/Templates/pihole.cron
+++ b/advanced/Templates/pihole.cron
@@ -24,7 +24,7 @@
 #          The flush script will use logrotate if available
 #          parameter "once": logrotate only once (default is twice)
 #          parameter "quiet": don't print messages
-00 00   * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole flush once quiet
+00 00   * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole logrotate quiet

@reboot root /usr/sbin/logrotate --state /var/lib/logrotate/pihole /etc/pihole/logrotate

--- a/install/basic-install.sh
+++ b/install/basic-install.sh
@@ -84,7 +84,7 @@ webInterfaceDir="${webroot}/admin"
 piholeGitUrl="https://github.com/pi-hole/pi-hole.git"
 PI_HOLE_LOCAL_REPO="/etc/.pihole"
 # List of pihole scripts, stored in an array
-PI_HOLE_FILES=(list piholeDebug piholeLogFlush setupLCD update version gravity uninstall webpage)
+PI_HOLE_FILES=(list piholeDebug piholeLogFlush piholeLogRotate setupLCD update version gravity uninstall webpage)
 # This directory is where the Pi-hole scripts will be installed
 PI_HOLE_INSTALL_DIR="/opt/pihole"
 PI_HOLE_CONFIG_DIR="/etc/pihole"
@@ -165,6 +165,8 @@ PIHOLE_META_DEPS_APK=(
    cronie
    curl
    dialog
+    doas # sudo replacement
+    doas-sudo-shim
    git
    grep
    iproute2-minimal # piholeARPTable.sh
@@ -178,7 +180,6 @@ PIHOLE_META_DEPS_APK=(
    procps-ng
    psmisc
    shadow
-    sudo
    tzdata
    unzip
 )
@@ -1963,9 +1964,18 @@ get_binary_name() {

    # If the machine is aarch64 (armv8)
    if [[ "${machine}" == "aarch64" ]]; then
-        # If AArch64 is found (e.g., BCM2711 in Raspberry Pi 4)
-        printf "%b  %b Detected AArch64 (64 Bit ARM) architecture\\n" "${OVER}" "${TICK}"
-        l_binary="pihole-FTL-arm64"
+        if [[ "$(getconf LONG_BIT)" == "64" ]]; then
+            # If the OS is 64 bit, we use the arm64 binary
+            printf "%b  %b Detected AArch64 (64 Bit ARM) architecture\\n" "${OVER}" "${TICK}"
+            l_binary="pihole-FTL-arm64"
+        else
+            # If the OS is 32 bit, we use the armv7 binary (aarch64 is actually armv8)
+            # Even though the machine is 64 bit capable, this makes debugging
+            # very hard as 32bit tools like gdb, etc. cannot analyze the 64 bit
+            # binary. See FTL issue #2494 for such an example.
+            printf "%b  %b Detected AArch64 (64 Bit ARM) architecture with 32 bit OS\\n" "${OVER}" "${TICK}"
+            l_binary="pihole-FTL-armv7"
+        fi
    elif [[ "${machine}" == "arm"* ]]; then
        # ARM 32 bit
        # Get supported processor from other binaries installed on the system
--- a/manpages/pihole.8
+++ b/manpages/pihole.8
@@ -100,9 +100,12 @@ Available commands and options:
      -c                Include a Pi-hole database integrity check
 .br

-\fB-f, flush\fR
+\fB-f, flush\fR [quite]
 .br
-    Flush the Pi-hole log
+    Flush the Pi-hole log and last 24h from the query database
+.br
+
+      quite           Suppress output
 .br

 \fB-r, repair\fR
@@ -242,6 +245,14 @@ Available commands and options:
      verbose           Show authentication and status messages
 .br

+\fBlogrotate\fR [quite]
+.br
+    Rotate Pi-hole's log files
+.br
+
+      quite           Suppress output
+.br
+
 .SH "EXAMPLE"

 Some usage examples
--- a/23
+++ b/23
@@ -92,8 +92,13 @@ debugFunc() {
 }

 flushFunc() {
-  "${PI_HOLE_SCRIPT_DIR}"/piholeLogFlush.sh "$@"
-  exit 0
+    # unsupported in docker because it requires restarting FTL
+    if [ -n "${DOCKER_VERSION}" ]; then
+        unsupportedFunc
+    else
+        "${PI_HOLE_SCRIPT_DIR}"/piholeLogFlush.sh "$@"
+        exit 0
+    fi
 }

 # Deprecated function, should be removed in the future
@@ -105,6 +110,11 @@ arpFunc() {
  exit 0
 }

+logrotateFunc() {
+   "${PI_HOLE_SCRIPT_DIR}"/piholeLogRotate.sh "$@"
+    exit 0
+}
+
 networkFlush() {
  shift
  "${PI_HOLE_SCRIPT_DIR}"/piholeNetworkFlush.sh "$@"
@@ -517,7 +527,8 @@ Debugging Options:
  -d, debug           Start a debugging session
                        Add '-c' or '--check-database' to include a Pi-hole database integrity check
                        Add '-a' to automatically upload the log to tricorder.pi-hole.net
-  -f, flush           Flush the Pi-hole log
+  -f, flush           Flush the Pi-hole logs and last 24h from the query database
+                        Add 'quiet' to suppress output messages
  -r, repair          Repair Pi-hole subsystems
  -t, tail [arg]      View the live output of the Pi-hole log.
                      Add an optional argument to filter the log
@@ -550,7 +561,9 @@ Options:
  checkout            Switch Pi-hole subsystems to a different GitHub branch
                        Add '-h' for more info on checkout usage
  networkflush        Flush information stored in Pi-hole's network tables
-                        Add '--arp' to additionally flush the ARP table ";
+                        Add '--arp' to additionally flush the ARP table
+  logrotate          Rotate Pi-hole's log files
+                        Add 'quiet' to suppress output messages";
  exit 0
 }

@@ -593,6 +606,7 @@ case "${1}" in
  "arpflush"                      ) need_root=true;; # Deprecated, use networkflush instead
  "networkflush"                  ) need_root=true;;
  "-t" | "tail"                   ) need_root=true;;
+  "logrotate"                    ) need_root=true;;
  *                               ) helpFunc;;
 esac

@@ -628,5 +642,6 @@ case "${1}" in
  "arpflush"                      ) arpFunc "$@";; # Deprecated, use networkflush instead
  "networkflush"                  ) networkFlush "$@";;
  "-t" | "tail"                   ) tailFunc "$2";;
+  "logrotate"                     ) logrotateFunc "$@";;
  *                               ) helpFunc;;
 esac
--- a/test/test_any_utils.py
+++ b/test/test_any_utils.py
@@ -2,6 +2,7 @@ def test_key_val_replacement_works(host):
    """Confirms addOrEditKeyValPair either adds or replaces a key value pair in a given file"""
    host.run("""
    source /opt/pihole/utils.sh
+    touch ./testoutput
    addOrEditKeyValPair "./testoutput" "KEY_ONE" "value1"
    addOrEditKeyValPair "./testoutput" "KEY_TWO" "value2"
    addOrEditKeyValPair "./testoutput" "KEY_ONE" "value3"