Bump psf/black from 26.3.0 to 26.3.1 in the github-actions-dependencies group (#6566)

Bumps the python-dependencies group in /test with 1 update: [tox](https://github.com/tox-dev/tox).


Updates `tox` from 4.49.0 to 4.49.1
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](https://github.com/tox-dev/tox/compare/4.49.0...4.49.1)

---
updated-dependencies:
- dependency-name: tox
  dependency-version: 4.49.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/codeql-analysis.yml

@@ -29,12 +29,12 @@ jobs:
     # Initializes the CodeQL tools for scanning.
     -
       name: Initialize CodeQL
-      uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 #v4.32.3
+      uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 #v4.32.6
       with:
         languages: 'python'
     -
       name: Autobuild
-      uses: github/codeql-action/autobuild@9e907b5e64f6b83e7804b09294d44122997950d6 #v4.32.3
+      uses: github/codeql-action/autobuild@0d579ffd059c29b07949a3cce3983f0780820c98 #v4.32.6
     -
       name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 #v4.32.3
+      uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 #v4.32.6

.github/workflows/stale.yml

@@ -17,7 +17,7 @@ jobs:
       issues: write
 
     steps:
-      - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d #v10.1.1
+      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f #v10.2.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           days-before-stale: 30

.github/workflows/stale_pr.yml

@@ -17,7 +17,7 @@ jobs:
       pull-requests: write
 
     steps:
-      - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d #v10.1.1
+      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f #v10.2.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           # Do not automatically mark PR/issue as stale

.github/workflows/test.yml

@@ -49,7 +49,7 @@ jobs:
         run: editorconfig-checker
 
       - name: Check python code formatting with black
-        uses: psf/black@6305bf1ae645ab7541be4f5028a86239316178eb #26.1.0
+        uses: psf/black@c6755bb741b6481d6b3d3bb563c83fa060db96c9 #26.3.1
         with:
           src: "./test"
           options: "--check --diff --color"

advanced/Scripts/piholeCheckout.sh

@@ -41,22 +41,6 @@ warning1() {
 }
 
 checkout() {
-
-    local skipFTL additionalFlag
-    skipFTL=false
-    # Check arguments
-    for var in "$@"; do
-        case "$var" in
-            "--skipFTL") skipFTL=true ;;
-        esac
-    done
-
-    if [ "${skipFTL}" == true ]; then
-        additionalFlag="--skipFTL"
-    else
-        additionalFlag=""
-    fi
-
     local corebranches
     local webbranches
 
@@ -251,7 +235,7 @@ checkout() {
     # Force updating everything
     if [[  ! "${1}" == "web" && ! "${1}" == "ftl" ]]; then
         echo -e "  ${INFO} Running installer to upgrade your installation"
-        if "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" --unattended ${additionalFlag}; then
+        if "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" --unattended; then
             exit 0
         else
             echo -e "  ${COL_RED} Error: Unable to complete update, please contact support${COL_NC}"

advanced/Scripts/piholeDebug.sh

@@ -169,7 +169,7 @@ initialize_debug() {
     # Display that the debug process is beginning
     log_write "${COL_PURPLE}*** [ INITIALIZING ]${COL_NC}"
     # Timestamp the start of the log
-    log_write "${INFO} $(date "+%Y-%m-%d:%H:%M:%S") debug log has been initialized."
+    log_write "${INFO} $(date "+%Y-%m-%d %H:%M:%S") debug log has been initialized."
     # Uptime of the system
     # credits to https://stackoverflow.com/questions/28353409/bash-format-uptime-to-show-days-hours-minutes
     system_uptime=$(uptime | awk -F'( |,|:)+' '{if ($7=="min") m=$6; else {if ($7~/^day/){if ($9=="min") {d=$6;m=$8} else {d=$6;h=$8;m=$9}} else {h=$6;m=$7}}} {print d+0,"days,",h+0,"hours,",m+0,"minutes"}')

advanced/Scripts/piholeNetworkFlush.sh

@@ -15,7 +15,7 @@ if [[ -f ${coltable} ]]; then
     source ${coltable}
 fi
 
-readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
+PI_HOLE_SCRIPT_DIR="/opt/pihole"
 utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
 # shellcheck source=./advanced/Scripts/utils.sh
 source "${utilsfile}"

advanced/Scripts/update.sh

@@ -149,37 +149,31 @@ main() {
         echo -e "  ${INFO} Web Interface:\\t${COL_GREEN}up to date${COL_NC}"
     fi
 
-    # Allow the user to skip this check if they are using a self-compiled FTL binary from an unsupported architecture
-    if [ "${skipFTL}" != true ]; then
-        local funcOutput
-        funcOutput=$(get_binary_name) #Store output of get_binary_name here
-        local binary
-        binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL)
+    local funcOutput
+    funcOutput=$(get_binary_name) #Store output of get_binary_name here
+    local binary
+    binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL)
 
-        if FTLcheckUpdate "${binary}" &>/dev/null; then
-            FTL_update=true
-            echo -e "  ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}"
-        else
-            case $? in
-                1)
-                    echo -e "  ${INFO} FTL:\\t\\t${COL_GREEN}up to date${COL_NC}"
-                    ;;
-                2)
-                    echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Branch is not available.${COL_NC}\\n\\t\\t\\tUse ${COL_GREEN}pihole checkout ftl [branchname]${COL_NC} to switch to a valid branch."
-                    exit 1
-                    ;;
-                3)
-                    echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, cannot reach download server${COL_NC}"
-                    exit 1
-                    ;;
-                *)
-                    echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, contact support${COL_NC}"
-                    exit 1
-            esac
-            FTL_update=false
-        fi
+    if FTLcheckUpdate "${binary}" &>/dev/null; then
+        FTL_update=true
+        echo -e "  ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}"
     else
-        echo -e "  ${INFO} FTL:\\t\\t${COL_YELLOW}--skipFTL set - update check skipped${COL_NC}"
+        case $? in
+            1)
+                echo -e "  ${INFO} FTL:\\t\\t${COL_GREEN}up to date${COL_NC}"
+                ;;
+            2)
+                echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Branch is not available.${COL_NC}\\n\\t\\t\\tUse ${COL_GREEN}pihole checkout ftl [branchname]${COL_NC} to switch to a valid branch."
+                exit 1
+                ;;
+            3)
+                echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, cannot reach download server${COL_NC}"
+                exit 1
+                ;;
+            *)
+                echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, contact support${COL_NC}"
+                exit 1
+        esac
         FTL_update=false
     fi
 
@@ -228,14 +222,7 @@ main() {
     fi
 
     if [[ "${FTL_update}" == true || "${core_update}" == true ]]; then
-        local addionalFlag
-
-        if [[ ${skipFTL} == true ]]; then
-             addionalFlag="--skipFTL"
-        else
-             addionalFlag=""
-        fi
-        ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --repair --unattended ${addionalFlag} || \
+        ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --repair --unattended || \
             echo -e "${basicError}" && exit 1
     fi
 
@@ -255,15 +242,8 @@ main() {
     exit 0
 }
 
-CHECK_ONLY=false
-skipFTL=false
-
-# Check arguments
-for var in "$@"; do
-    case "$var" in
-    "--check-only") CHECK_ONLY=true ;;
-    "--skipFTL") skipFTL=true ;;
-    esac
-done
+if [[ "$1" == "--check-only" ]]; then
+    CHECK_ONLY=true
+fi
 
 main

automated install/basic-install.sh

@@ -188,27 +188,14 @@ PIHOLE_META_DEPS_APK=(
 # The runUnattended flag is one example of this
 repair=false
 runUnattended=false
-skipFTL=false
 # Check arguments for the undocumented flags
 for var in "$@"; do
     case "${var}" in
     "--repair") repair=true ;;
     "--unattended") runUnattended=true ;;
-    "--skipFTL") skipFTL=true ;;
     esac
 done
 
-if [[ "${runUnattended}" == true ]]; then
-    # In order to run an unattended setup, a pre-seeded /etc/pihole/pihole.toml must exist
-    if [[ ! -f "${PI_HOLE_CONFIG_DIR}/pihole.toml" ]]; then
-        printf "  %b Error: \"%s\" not found. Cannot run unattended setup\\n" "${CROSS}" "${PI_HOLE_CONFIG_DIR}/pihole.toml"
-        exit 1
-    fi
-    printf "  %b Performing unattended setup, no dialogs will be displayed\\n" "${INFO}"
-    # also disable debconf-apt-progress dialogs
-    export DEBIAN_FRONTEND="noninteractive"
-fi
-
 # If the color table file exists,
 if [[ -f "${coltable}" ]]; then
     # source it
@@ -1963,18 +1950,9 @@ get_binary_name() {
 
     # If the machine is aarch64 (armv8)
     if [[ "${machine}" == "aarch64" ]]; then
-        if [[ "$(getconf LONG_BIT)" == "64" ]]; then
-            # If the OS is 64 bit, we use the arm64 binary
-            printf "%b  %b Detected AArch64 (64 Bit ARM) architecture\\n" "${OVER}" "${TICK}"
-            l_binary="pihole-FTL-arm64"
-        else
-            # If the OS is 32 bit, we use the armv7 binary (aarch64 is actually armv8)
-            # Even though the machine is 64 bit capable, this makes debugging
-            # very hard as 32bit tools like gdb, etc. cannot analyze the 64 bit
-            # binary. See FTL issue #2494 for such an example.
-            printf "%b  %b Detected AArch64 (64 Bit ARM) architecture with 32 bit OS\\n" "${OVER}" "${TICK}"
-            l_binary="pihole-FTL-armv7"
-        fi
+        # If AArch64 is found (e.g., BCM2711 in Raspberry Pi 4)
+        printf "%b  %b Detected AArch64 (64 Bit ARM) architecture\\n" "${OVER}" "${TICK}"
+        l_binary="pihole-FTL-arm64"
     elif [[ "${machine}" == "arm"* ]]; then
         # ARM 32 bit
         # Get supported processor from other binaries installed on the system
@@ -2344,18 +2322,21 @@ main() {
 
     # Check if there is a usable FTL binary available on this architecture - do
     # this early on as FTL is a hard dependency for Pi-hole
-    # Allow the user to skip this check if they are using a self-compiled FTL binary from an unsupported architecture
-    if [ "${skipFTL}" != true ]; then
-        # Get the binary name for the current architecture
-        local funcOutput
-        funcOutput=$(get_binary_name) #Store output of get_binary_name here
-        # Abort early if this processor is not supported (get_binary_name returns empty string)
-        if [[ "${funcOutput}" == "" ]]; then
-            printf "  %b Upgrade/install aborted\\n" "${CROSS}" "${DISTRO_NAME}"
-            exit 1
+    local funcOutput
+    funcOutput=$(get_binary_name) #Store output of get_binary_name here
+    # Abort early if this processor is not supported (get_binary_name returns empty string)
+    if [[ "${funcOutput}" == "" ]]; then
+        printf "  %b Upgrade/install aborted\\n" "${CROSS}" "${DISTRO_NAME}"
+        exit 1
+    fi
+
+    if [[ "${fresh_install}" == false ]]; then
+        # if it's running unattended,
+        if [[ "${runUnattended}" == true ]]; then
+            printf "  %b Performing unattended setup, no dialogs will be displayed\\n" "${INFO}"
+            # also disable debconf-apt-progress dialogs
+            export DEBIAN_FRONTEND="noninteractive"
         fi
-    else
-        printf "  %b %b--skipFTL set - skipping architecture check%b\\n" "${INFO}" "${COL_YELLOW}" "${COL_NC}"
     fi
 
     if [[ "${fresh_install}" == true ]]; then
@@ -2388,18 +2369,13 @@ main() {
     create_pihole_user
 
     # Download and install FTL
-    # Allow the user to skip this check if they are using a self-compiled FTL binary from an unsupported architecture
-    if [ "${skipFTL}" != true ]; then
-        local binary
-        binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL)
-        local theRest
-        theRest="${funcOutput%pihole-FTL*}" # Print the rest of get_binary_name's output to display (cut out from first instance of "pihole-FTL")
-        if ! FTLdetect "${binary}" "${theRest}"; then
-            printf "  %b FTL Engine not installed\\n" "${CROSS}"
-            exit 1
-        fi
-    else
-        printf "  %b %b--skipFTL set - skipping FTL binary installation%b\\n" "${INFO}" "${COL_YELLOW}" "${COL_NC}"
+    local binary
+    binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL)
+    local theRest
+    theRest="${funcOutput%pihole-FTL*}" # Print the rest of get_binary_name's output to display (cut out from first instance of "pihole-FTL")
+    if ! FTLdetect "${binary}" "${theRest}"; then
+        printf "  %b FTL Engine not installed\\n" "${CROSS}"
+        exit 1
     fi
 
     # Install and log everything to a file

gravity.sh

@@ -612,7 +612,7 @@ compareLists() {
 gravity_DownloadBlocklistFromUrl() {
   local url="${1}" adlistID="${2}" saveLocation="${3}" compression="${4}" gravity_type="${5}" domain="${6}"
   local listCurlBuffer str httpCode success="" ip customUpstreamResolver=""
-  local file_path ip_addr port blocked=false download=true
+  local file_path permissions ip_addr port blocked=false download=true
   # modifiedOptions is an array to store all the options used to check if the adlist has been changed upstream
   local modifiedOptions=()
 
@@ -721,40 +721,29 @@ gravity_DownloadBlocklistFromUrl() {
     fi
   fi
 
-  # If we "download" a local file (file://), verify read access before using it.
-    # When running as root (e.g., via pihole -g), check that the 'pihole' user can read the file
-    # to match the effective runtime user of FTL; otherwise, check the current user's read access
-    # (e.g., in Docker or when invoked by a non-root user). The target must
-    # resolve to a regular file and be readable by the evaluated user.
-  if [[ "${url}" == "file:/"* ]]; then
+  # If we are going to "download" a local file, we first check if the target
+  # file has a+r permission. We explicitly check for all+read because we want
+  # to make sure that the file is readable by everyone and not just the user
+  # running the script.
+  if [[ $url == "file://"* ]]; then
     # Get the file path
-    file_path=$(echo "${url}" | cut -d'/' -f3-)
+    file_path=$(echo "$url" | cut -d'/' -f3-)
     # Check if the file exists and is a regular file (i.e. not a socket, fifo, tty, block). Might still be a symlink.
-    if [[ ! -f ${file_path} ]]; then
-        # Output that the file does not exist
-        echo -e "${OVER}  ${CROSS} ${file_path} does not exist"
-        download=false
+    if [[ ! -f $file_path ]]; then
+      # Output that the file does not exist
+      echo -e "${OVER}  ${CROSS} ${file_path} does not exist"
+      download=false
     else
-        if [ "$(id -un)" == "root" ]; then
-            # If we are root, we need to check if the pihole user has read permission
-            #  otherwise, we might read files that the pihole user should not be able to read
-            if sudo -u pihole test -r "${file_path}"; then
-                echo -e "${OVER}  ${INFO} Using local file ${file_path}"
-            else
-                echo -e "${OVER}  ${CROSS} Cannot read file (user 'pihole' lacks read permission)"
-                download=false
-            fi
-        else
-            # If we are not root, we just check if the current user has read permission
-            if [[ -r "${file_path}" ]]; then
-                # Output that we are using the local file
-                echo -e "${OVER}  ${INFO} Using local file ${file_path}"
-            else
-                # Output that the file is not readable by the current user
-                echo -e "${OVER}  ${CROSS} Cannot read file (current user '$(id -un)' lacks read permission)"
-                download=false
-            fi
-        fi
+      # Check if the file or a file referenced by the symlink has a+r permissions
+      permissions=$(stat -L -c "%a" "$file_path")
+      if [[ $permissions == *4 || $permissions == *5 || $permissions == *6 || $permissions == *7 ]]; then
+        # Output that we are using the local file
+        echo -e "${OVER}  ${INFO} Using local file ${file_path}"
+      else
+        # Output that the file does not have the correct permissions
+        echo -e "${OVER}  ${CROSS} Cannot read file (file needs to have a+r permission)"
+        download=false
+      fi
     fi
   fi
 
@@ -822,10 +811,6 @@ gravity_DownloadBlocklistFromUrl() {
       fix_owner_permissions "${saveLocation}"
       # Compare lists if they are identical
       compareLists "${adlistID}" "${saveLocation}"
-      # Set permissions for the *.etag file
-      if [[ -f "${saveLocation}.etag" ]]; then
-          fix_owner_permissions "${saveLocation}.etag"
-      fi
       # Add domains to database table file
       pihole-FTL "${gravity_type}" parseList "${saveLocation}" "${gravityTEMPfile}" "${adlistID}"
       done="true"

pihole

@@ -125,22 +125,7 @@ repairPiholeFunc() {
   if [ -n "${DOCKER_VERSION}" ]; then
     unsupportedFunc
   else
-    local skipFTL additionalFlag
-    skipFTL=false
-    # Check arguments
-    for var in "$@"; do
-        case "$var" in
-            "--skipFTL") skipFTL=true ;;
-        esac
-    done
-
-    if [ "${skipFTL}" == true ]; then
-        additionalFlag="--skipFTL"
-    else
-        additionalFlag=""
-    fi
-
-    /etc/.pihole/automated\ install/basic-install.sh --repair ${additionalFlag}
+    /etc/.pihole/automated\ install/basic-install.sh --repair
     exit 0;
   fi
 }
@@ -616,7 +601,7 @@ case "${1}" in
   "-d" | "debug"                  ) debugFunc "$@";;
   "-f" | "flush"                  ) flushFunc "$@";;
   "-up" | "updatePihole"          ) updatePiholeFunc "$@";;
-  "-r"  | "repair"                ) repairPiholeFunc "$@";;
+  "-r"  | "repair"                ) repairPiholeFunc;;
   "-g" | "updateGravity"          ) updateGravityFunc "$@";;
   "-l" | "logging"                ) piholeLogging "$@";;
   "uninstall"                     ) uninstallFunc;;

test/requirements.txt

@@ -2,5 +2,5 @@ pyyaml == 6.0.3
 pytest == 9.0.2
 pytest-xdist == 3.8.0
 pytest-testinfra == 10.2.2
-tox == 4.35.0
+tox == 4.49.1
 pytest-clarity == 1.0.1