Merge pull request #1943 from pi-hole/release/3.3

Pi-hole v3.3

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,32 +1,31 @@
-**By submitting this pull request, I confirm the following:** `{please fill any appropriate checkboxes, e.g: [X]}`
+**By submitting this pull request, I confirm the following:** 
+*please fill any appropriate checkboxes, e.g: [X]*
 
-`{Please ensure that your pull request is for the 'development' branch!}`
+- [ ] I have read and understood the [contributors guide](https://github.com/pi-hole/pi-hole/blob/master/CONTRIBUTING.md), as well as this entire template.
+- [ ] I have made only one major change in my proposed changes.
+- [ ] I have commented my proposed changes within the code.
+- [ ] I have tested my proposed changes, and have included unit tests where possible.
+- [ ] I am willing to help maintain this change if there are issues with it later.
+- [ ] I give this submission freely and claim no ownership.
+- [ ] It is compatible with the [EUPL 1.2 license](https://opensource.org/licenses/EUPL-1.1)
+- [ ] I have squashed any insignificant commits. ([`git rebase`](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html))
 
-- [] I have read and understood the [contributors guide](https://github.com/pi-hole/pi-hole/blob/master/CONTRIBUTING.md), as well as this entire template.
+Please make sure you [Sign Off](https://github.com/pi-hole/pi-hole/wiki/How-to-signoff-your-commits.) all commits. Pi-hole enforces the [DCO](https://github.com/pi-hole/pi-hole/wiki/Contributing-to-the-project).
-- [] I have made only one major change in my proposed changes.
-- [] I have commented my proposed changes within the code.
-- [] I have tested my proposed changes, and have included unit tests where possible.
-- [] I am willing to help maintain this change if there are issues with it later.
-- [] I give this submission freely and claim no ownership.
-- [] It is compatible with the [EUPL 1.2 license](https://opensource.org/licenses/EUPL-1.1)
-- [] I have squashed any insignificant commits. ([`git rebase`](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html))
-- [] I have Signed Off all commits. ([`git commit --signoff`](https://git-scm.com/docs/git-commit#git-commit---signoff))
 
 ---
-
 **What does this PR aim to accomplish?:**
+*A detailed description, screenshots (if necessary), as well as links to any relevant GitHub issues*
 
-`{A detailed description, screenshots (if necessary), as well as links to any relevant GitHub issues}`
 
 **How does this PR accomplish the above?:**
+*A detailed description (such as a changelog) and screenshots (if necessary) of the implemented fix*
 
-`{A detailed description (such as a changelog) and screenshots (if necessary) of the implemented fix}`
 
 **What documentation changes (if any) are needed to support this PR?:**
+*A detailed list of any necessary changes*
 
-`{A detailed list of any necessary changes}`
 
-> * `{Please delete this quoted section when opening your pull request}`
+---
-> * You must follow the template instructions. Failure to do so will result in your issue being closed.
+* You must follow the template instructions. Failure to do so will result in your pull request being closed.
-> * Please respect that Pi-hole is developed by volunteers, who can only reply in their spare time.
+* Please respect that Pi-hole is developed by volunteers, who can only reply in their spare time.
-> * Detail helps us understand an issue quicker, but please ensure it's relevant.
+

.gitignore

@@ -3,3 +3,69 @@
 *.swp
 __pycache__
 .cache
+
+# Created by https://www.gitignore.io/api/jetbrains+iml
+
+### JetBrains+iml ###
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# All idea files, with execptions
+.idea
+!.idea/codeStyles/*
+!.idea/codeStyleSettings.xml
+
+
+# Sensitive or high-churn files:
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.xml
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+
+# Gradle:
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# CMake
+cmake-build-debug/
+
+# Mongo Explorer plugin:
+.idea/**/mongoSettings.xml
+
+## File-based project format:
+*.iws
+
+## Plugin-specific files:
+
+# IntelliJ
+/out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Ruby plugin and RubyMine
+/.rakeTasks
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+### JetBrains+iml Patch ###
+# Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-249601023
+
+*.iml
+.idea/misc.xml
+*.ipr
+
+# End of https://www.gitignore.io/api/jetbrains+iml

.idea/codeStyles/Project.xml

@@ -0,0 +1,13 @@
+<component name="ProjectCodeStyleConfiguration">
+  <code_scheme name="Project" version="173">
+    <option name="OTHER_INDENT_OPTIONS">
+      <value>
+        <option name="INDENT_SIZE" value="2" />
+        <option name="TAB_SIZE" value="2" />
+      </value>
+    </option>
+    <MarkdownNavigatorCodeStyleSettings>
+      <option name="RIGHT_MARGIN" value="72" />
+    </MarkdownNavigatorCodeStyleSettings>
+  </code_scheme>
+</component>

.idea/codeStyles/codeStyleConfig.xml

@@ -0,0 +1,5 @@
+<component name="ProjectCodeStyleConfiguration">
+  <state>
+    <option name="USE_PER_PROJECT_SETTINGS" value="true" />
+  </state>
+</component>

.stickler.yml

@@ -0,0 +1,3 @@
+linters:
+  shellcheck:
+    shell: bash

CONTRIBUTING.md

@@ -28,6 +28,7 @@ When requesting or submitting new features, first consider whether it might be u
 
 - Check the codebase to ensure that your feature doesn't already exist.
 - Check the pull requests to ensure that another person hasn't already submitted the feature or fix.
+- Read and understand the [DCO guidelines](https://github.com/pi-hole/pi-hole/wiki/Contributing-to-the-project) for the project.
 
 ## Technical Requirements
 

README.md

@@ -185,7 +185,7 @@ While quite outdated at this point, [this original blog post about Pi-hole](http
 - [CHiP-hole: Network-wide Ad-blocker](https://www.hackster.io/jacobsalmela/chip-hole-network-wide-ad-blocker-98e037)
 - [Chrome Extension: Pi-Hole List Editor](https://chrome.google.com/webstore/detail/pi-hole-list-editor/hlnoeoejkllgkjbnnnhfolapllcnaglh) ([Source Code](https://github.com/packtloss/pihole-extension))
 - [Splunk: Pi-hole Visualiser](https://splunkbase.splunk.com/app/3023/)
-- [Adblocking with P-hole and Ubuntu 14.04 on VirtualBox](https://hbalagtas.blogspot.com.au/2016/02/adblocking-with-pi-hole-and-ubuntu-1404.html)
+- [Adblocking with Pi-hole and Ubuntu 14.04 on VirtualBox](https://hbalagtas.blogspot.com.au/2016/02/adblocking-with-pi-hole-and-ubuntu-1404.html)
 - [Pi-hole stats in your Mac's menu bar](https://getbitbar.com/plugins/Network/pi-hole.1m.py)
 - [Pi-hole unRAID Template](https://forums.lime-technology.com/topic/36810-support-spants-nodered-mqtt-dashing-couchdb/)
 - [Copernicus: Windows Tray Application](https://github.com/goldbattle/copernicus)
@@ -193,7 +193,7 @@ While quite outdated at this point, [this original blog post about Pi-hole](http
 - [Pi-hole metrics](https://github.com/nlamirault/pihole_exporter) exporter for [Prometheus](https://prometheus.io/)
 - [Magic Mirror with DNS Filtering](https://zonksec.com/blog/magic-mirror-dns-filtering/#dnssoftware)
 - [Pi-hole Droid: Android client](https://github.com/friimaind/pi-hole-droid)
-
+- [Windows DNS Swapper](https://github.com/roots84/DNS-Swapper), see [#1400](https://github.com/pi-hole/pi-hole/issues/1400)
 -----
 
 ## Coverage

advanced/01-pihole.conf

@@ -39,7 +39,7 @@ interface=@INT@
 
 cache-size=10000
 
-log-queries
+log-queries=extra
 log-facility=/var/log/pihole.log
 
 local-ttl=2

advanced/Scripts/chronometer.sh

@@ -15,7 +15,7 @@ pihole-FTL() {
   ftl_port=$(cat /var/run/pihole-FTL.port 2> /dev/null)
   if [[ -n "$ftl_port" ]]; then
     # Open connection to FTL
-    exec 3<>"/dev/tcp/localhost/$ftl_port"
+    exec 3<>"/dev/tcp/127.0.0.1/$ftl_port"
 
     # Test if connection is open
     if { "true" >&3; } 2> /dev/null; then

advanced/Scripts/piholeDebug.sh

@@ -215,14 +215,14 @@ copy_to_debug_log() {
   sed 's/\[[0-9;]\{1,5\}m//g' > "${PIHOLE_DEBUG_LOG_SANITIZED}" <<< cat "${PIHOLE_DEBUG_LOG}"
 }
 
-initiate_debug() {
+initialize_debug() {
   # Clear the screen so the debug log is readable
   clear
   show_disclaimer
   # Display that the debug process is beginning
   log_write "${COL_PURPLE}*** [ INITIALIZING ]${COL_NC}"
   # Timestamp the start of the log
-  log_write "${INFO} $(date "+%Y-%m-%d:%H:%M:%S") debug log has been initiated."
+  log_write "${INFO} $(date "+%Y-%m-%d:%H:%M:%S") debug log has been initialized."
 }
 
 # This is a function for visually displaying the curent test that is being run.
@@ -547,7 +547,7 @@ detect_ip_addresses() {
     log_write ""
   else
     # If there are no IPs detected, explain that the protocol is not configured
-    log_write "${CROSS} ${COL_RED}No IPv${protocol} address(es) found on the ${PIHOLE_INTERFACE}${COL_NC} interace.\n"
+    log_write "${CROSS} ${COL_RED}No IPv${protocol} address(es) found on the ${PIHOLE_INTERFACE}${COL_NC} interface.\n"
     return 1
   fi
   # If the protocol is v6
@@ -809,8 +809,14 @@ process_status(){
   local i
   # For each process,
   for i in "${PIHOLE_PROCESSES[@]}"; do
-    # get its status via systemctl
+    # If systemd
-    local status_of_process=$(systemctl is-active "${i}")
+    if command -v systemctl &> /dev/null; then
+      # get its status via systemctl
+      local status_of_process=$(systemctl is-active "${i}")
+    else
+      # Otherwise, use the service command
+      local status_of_process=$(service "${i}" status | awk '/Active:/ {print $2}') &> /dev/null
+    fi
     # and print it out to the user
     if [[ "${status_of_process}" == "active" ]]; then
       # If it's active, show it in green
@@ -1143,7 +1149,7 @@ upload_to_tricorder() {
 
 # Run through all the functions we made
 make_temporary_log
-initiate_debug
+initialize_debug
 # setupVars.conf needs to be sourced before the networking so the values are
 # available to the other functions
 source_setup_variables

advanced/Scripts/updatecheck.sh

@@ -3,7 +3,7 @@
 # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
 #
-# Checks for updates via GitHub
+# Checks for local or remote versions and branches
 #
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
@@ -25,35 +25,42 @@ function json_extract() {
   fi
 }
 
-GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")"
-GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")"
-GITHUB_FTL_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null)")"
-
-echo "${GITHUB_CORE_VERSION} ${GITHUB_WEB_VERSION} ${GITHUB_FTL_VERSION}" > "/etc/pihole/GitHubVersions"
-
 function get_local_branch() {
   # Return active branch
   cd "${1}" 2> /dev/null || return 1
   git rev-parse --abbrev-ref HEAD || return 1
 }
 
-CORE_BRANCH="$(get_local_branch /etc/.pihole)"
-WEB_BRANCH="$(get_local_branch /var/www/html/admin)"
-#FTL_BRANCH="$(pihole-FTL branch)"
-# Don't store FTL branch until the next release of FTL which
-# supports returning the branch in an easy way
-FTL_BRANCH="XXX"
-
-echo "${CORE_BRANCH} ${WEB_BRANCH} ${FTL_BRANCH}" > "/etc/pihole/localbranches"
-
 function get_local_version() {
-  # Return active branch
+# Return active branch
-  cd "${1}" 2> /dev/null || return 1
+cd "${1}" 2> /dev/null || return 1
-  git describe --long --dirty --tags || return 1
+git describe --long --dirty --tags || return 1
 }
 
-CORE_VERSION="$(get_local_version /etc/.pihole)"
+if [[ "$2" == "remote" ]]; then
-WEB_VERSION="$(get_local_version /var/www/html/admin)"
-FTL_VERSION="$(pihole-FTL version)"
 
-echo "${CORE_VERSION} ${WEB_VERSION} ${FTL_VERSION}" > "/etc/pihole/localversions"
+  if [[ "$3" == "reboot" ]]; then
+    sleep 30
+  fi
+
+  GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")"
+  GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")"
+  GITHUB_FTL_VERSION="$(json_extract tag_name "$(curl -q 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null)")"
+
+  echo -n "${GITHUB_CORE_VERSION} ${GITHUB_WEB_VERSION} ${GITHUB_FTL_VERSION}" > "/etc/pihole/GitHubVersions"
+
+else
+
+  CORE_BRANCH="$(get_local_branch /etc/.pihole)"
+  WEB_BRANCH="$(get_local_branch /var/www/html/admin)"
+  FTL_BRANCH="$(pihole-FTL branch)"
+
+  echo -n "${CORE_BRANCH} ${WEB_BRANCH} ${FTL_BRANCH}" > "/etc/pihole/localbranches"
+
+  CORE_VERSION="$(get_local_version /etc/.pihole)"
+  WEB_VERSION="$(get_local_version /var/www/html/admin)"
+  FTL_VERSION="$(pihole-FTL version)"
+
+  echo -n "${CORE_VERSION} ${WEB_VERSION} ${FTL_VERSION}" > "/etc/pihole/localversions"
+
+fi

advanced/Scripts/webpage.sh

@@ -153,6 +153,7 @@ ProcessDNSSettings() {
 	if [[ "${DNSSEC}" == true ]]; then
 		echo "dnssec
 trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
+trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
 " >> "${dnsmasqconfig}"
 	fi
 
@@ -174,6 +175,11 @@ trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE3
 		add_dnsmasq_setting "local-service"
 	else
 		# Listen only on one interface
+		# Use eth0 as fallback interface if interface is missing in setupVars.conf
+		if [ -z "${PIHOLE_INTERFACE}" ]; then
+			PIHOLE_INTERFACE="eth0"
+		fi
+
 		add_dnsmasq_setting "interface" "${PIHOLE_INTERFACE}"
 	fi
 
@@ -240,7 +246,7 @@ ProcessDHCPSettings() {
 	source "${setupVars}"
 
 	if [[ "${DHCP_ACTIVE}" == "true" ]]; then
-    interface=$(grep 'PIHOLE_INTERFACE=' /etc/pihole/setupVars.conf | sed "s/.*=//")
+    interface="${PIHOLE_INTERFACE}"
 
     # Use eth0 as fallback interface
     if [ -z ${interface} ]; then
@@ -248,7 +254,7 @@ ProcessDHCPSettings() {
     fi
 
     if [[ "${PIHOLE_DOMAIN}" == "" ]]; then
-      PIHOLE_DOMAIN="local"
+      PIHOLE_DOMAIN="lan"
       change_setting "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}"
     fi
 

advanced/index.php

@@ -213,6 +213,8 @@ if (explode("-", $phVersion)[1] != "0")
 
 // Please Note: Text is added via CSS to allow an admin to provide a localised
 // language without the need to edit this file
+
+setHeader();
 ?>
 <!DOCTYPE html>
 <!-- Pi-hole: A black hole for Internet advertisements
@@ -224,7 +226,6 @@ if (explode("-", $phVersion)[1] != "0")
 <head>
   <meta charset="UTF-8">
   <?=$viewPort ?>
-  <?=setHeader() ?>
   <meta name="robots" content="noindex,nofollow"/>
   <meta http-equiv="x-dns-prefetch-control" content="off">
   <link rel="shortcut icon" href="<?=$proto ?>://pi.hole/admin/img/favicon.png" type="image/x-icon"/>

advanced/pihole-FTL.service

@@ -25,9 +25,13 @@ start() {
   if is_running; then
     echo "pihole-FTL is already running"
   else
-    touch /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port
+    touch /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
+    mkdir -p /var/run/pihole
+    mkdir -p /var/log/pihole
+    chown pihole:pihole /var/run/pihole /var/log/pihole
+    rm /var/run/pihole/FTL.sock
     chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /etc/pihole
-    chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port
+    chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
     su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"
     echo
   fi

advanced/pihole.cron

@@ -18,9 +18,6 @@
 #          early morning. Download any updates from the adlists
 59 1    * * 7   root    PATH="$PATH:/usr/local/bin/" pihole updateGravity
 
-# Pi-hole: Update Pi-hole! Uncomment to enable auto update
-#30 2    * * 7   root    PATH="$PATH:/usr/local/bin/" pihole updatePihole
-
 # Pi-hole: Flush the log daily at 00:00
 #          The flush script will use logrotate if available
 #          parameter "once": logrotate only once (default is twice)
@@ -29,5 +26,9 @@
 
 @reboot root /usr/sbin/logrotate /etc/pihole/logrotate
 
-# Pi-hole: Grab remote version and branch every 10 minutes
+# Pi-hole: Grab local version and branch every 10 minutes
-*/10 *  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker
+*/10 *  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker local
+
+# Pi-hole: Grab remote version every 24 hours
+59 17  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote
+@reboot root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote reboot

automated install/basic-install.sh

@@ -2,7 +2,7 @@
 # shellcheck disable=SC1090
 
 # Pi-hole: A black hole for Internet advertisements
-# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
+# (c) 2017-2018 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
 #
 # Installs and Updates Pi-hole
@@ -14,7 +14,7 @@
 #
 # Install with this command (from your Linux machine):
 #
-# curl -L install.pi-hole.net | bash
+# curl -sSL https://install.pi-hole.net | bash
 
 # -e option instructs bash to immediately exit if any command [1] has a non-zero exit status
 # We do not want users to end up with a partially working install, so we exit the script
@@ -28,9 +28,8 @@ set -e
 # Local variables will be in lowercase and will exist only within functions
 # It's still a work in progress, so you may see some variance in this guideline until it is complete
 
-# We write to a temporary file before moving the log to the pihole folder
+# Location for final installation log storage
-tmpLog=/tmp/pihole-install.log
+installLogLoc=/etc/pihole/install.log
-instalLogLoc=/etc/pihole/install.log
 # This is an important file as it contains information specific to the machine it's being installed on
 setupVars=/etc/pihole/setupVars.conf
 # Pi-hole uses lighttpd as a Web server, and this is the config file for it
@@ -210,7 +209,8 @@ elif command -v rpm &> /dev/null; then
   INSTALLER_DEPS=(dialog git iproute net-tools newt procps-ng)
   PIHOLE_DEPS=(bc bind-utils cronie curl dnsmasq findutils nmap-ncat sudo unzip wget libidn2 psmisc)
   PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php php-common php-cli php-pdo)
-  if ! grep -q 'Fedora' /etc/redhat-release; then
+  # EPEL (https://fedoraproject.org/wiki/EPEL) is required for lighttpd on CentOS
+  if grep -qi 'centos' /etc/redhat-release; then
     INSTALLER_DEPS=("${INSTALLER_DEPS[@]}" "epel-release");
   fi
     LIGHTTPD_USER="lighttpd"
@@ -715,8 +715,8 @@ setStaticIPv4() {
       }> "${IFCFG_FILE}"
       # Use ip to immediately set the new address
       ip addr replace dev "${PIHOLE_INTERFACE}" "${IPV4_ADDRESS}"
-      # If NetworkMangler command line interface exists,
+      # If NetworkMangler command line interface exists and ready to mangle,
-      if command -v nmcli &> /dev/null;then
+      if command -v nmcli &> /dev/null && nmcli general status &> /dev/null; then
         # Tell NetworkManagler to read our new sysconfig file
         nmcli con load "${IFCFG_FILE}" > /dev/null
       fi
@@ -815,6 +815,7 @@ setDNS() {
     Quad9)
       echo "Quad9 servers"
       PIHOLE_DNS_1="9.9.9.9"
+      PIHOLE_DNS_2="149.112.112.112"
       ;;
     Custom)
       # Until the DNS settings are selected,
@@ -1243,7 +1244,7 @@ install_dependent_packages() {
         echo -e "${OVER}  ${TICK} Checking for $i"
       else
         #
-        echo -e "${OVER}  ${CROSS} Checking for $i (will be installed)"
+        echo -e "${OVER}  ${INFO} Checking for $i (will be installed)"
         #
         installArray+=("${i}")
       fi
@@ -1268,7 +1269,7 @@ install_dependent_packages() {
     if ${PKG_MANAGER} -q list installed "${i}" &> /dev/null; then
       echo -e "${OVER}  ${TICK} Checking for $i"
     else
-      echo -e "${OVER}  ${CROSS} Checking for $i (will be installed)"
+      echo -e "${OVER}  ${INFO} Checking for $i (will be installed)"
       #
       installArray+=("${i}")
     fi
@@ -1368,7 +1369,9 @@ installCron() {
   # Copy the cron file over from the local repo
   cp ${PI_HOLE_LOCAL_REPO}/advanced/pihole.cron /etc/cron.d/pihole
   # Randomize gravity update time
-  sed -i "s/59 1/$((1 + RANDOM % 58)) $((3 + RANDOM % 2))/" /etc/cron.d/pihole
+  sed -i "s/59 1 /$((1 + RANDOM % 58)) $((3 + RANDOM % 2))/" /etc/cron.d/pihole
+  # Randomize update checker time
+  sed -i "s/59 17/$((1 + RANDOM % 58)) $((12 + RANDOM % 8))/" /etc/cron.d/pihole
   echo -e "${OVER}  ${TICK} ${str}"
 }
 
@@ -1888,14 +1891,28 @@ FTLdetect() {
 	  # Install FTL
     FTLinstall "${binary}" || return 1
   fi
+}
 
+make_temporary_log() {
+  # Create a random temporary file for the log
+  TEMPLOG=$(mktemp /tmp/pihole_temp.XXXXXX)
+  # Open handle 3 for templog
+  # https://stackoverflow.com/questions/18460186/writing-outputs-to-log-file-and-console
+  exec 3>"$TEMPLOG"
+  # Delete templog, but allow for addressing via file handle
+  # This lets us write to the log without having a temporary file on the drive, which
+  # is meant to be a security measure so there is not a lingering file on the drive during the install process
+  rm "$TEMPLOG"
+}
 
+copy_to_install_log() {
+  # Copy the contents of file descriptor 3 into the install log
+  # Since we use color codes such as '\e[1;33m', they should be removed
+  sed 's/\[[0-9;]\{1,5\}m//g' < /proc/$$/fd/3 > "${installLogLoc}"
 }
 
 main() {
   ######## FIRST CHECK ########
-  # Show the Pi-hole logo so people know it's genuine since the logo and name are trademarked
-  show_ascii_berry
   # Must be root to install
   local str="Root user check"
   echo ""
@@ -1904,12 +1921,15 @@ main() {
   if [[ "${EUID}" -eq 0 ]]; then
     # they are root and all is good
     echo -e "  ${TICK} ${str}"
+    # Show the Pi-hole logo so people know it's genuine since the logo and name are trademarked
+    show_ascii_berry
+    make_temporary_log
   # Otherwise,
   else
     # They do not have enough privileges, so let the user know
     echo -e "  ${CROSS} ${str}
       ${COL_LIGHT_RED}Script called with non-root privileges${COL_NC}
-      The Pi-hole requires elevated privleges to install and run
+      The Pi-hole requires elevated privileges to install and run
       Please check the installer for any concerns regarding this requirement
       Make sure to download this script from a trusted source\\n"
     echo -ne "  ${INFO} Sudo utility check"
@@ -2028,14 +2048,14 @@ main() {
     fi
 
     # Install and log everything to a file
-    installPihole | tee ${tmpLog}
+    installPihole | tee -a /proc/$$/fd/3
   else
+    # Source ${setupVars} to use predefined user variables in the functions
+    source ${setupVars}
+
     # Clone/Update the repos
     clone_or_update_repos
 
-    # Source ${setupVars} for use in the rest of the functions
-    source ${setupVars}
-
     # Install packages used by the Pi-hole
     if [[ "${INSTALL_WEB}" == true ]]; then
       # Install the Web dependencies
@@ -2054,12 +2074,11 @@ main() {
       # Value will either be 1, if true, or 0
       LIGHTTPD_ENABLED=$(service lighttpd status | awk '/Loaded:/ {print $0}' | grep -c 'enabled' || true)
     fi
-
+    updatePihole | tee -a /proc/$$/fd/3
-    updatePihole | tee ${tmpLog}
   fi
 
-  # Move the log file into /etc/pihole for storage
+  # Copy the temp log file into final log location for storage
-  mv ${tmpLog} ${instalLogLoc}
+  copy_to_install_log
 
   if [[ "${INSTALL_WEB}" == true ]]; then
     # Add password to web UI if there is none
@@ -2099,6 +2118,7 @@ main() {
 
   # Force an update of the updatechecker
   . /opt/pihole/updatecheck.sh
+  . /opt/pihole/updatecheck.sh x remote
 
   #
   if [[ "${useUpdateVars}" == false ]]; then
@@ -2135,7 +2155,7 @@ main() {
   fi
 
   # Display where the log file is
-  echo -e "\\n  ${INFO} The install log is located at: /etc/pihole/install.log
+  echo -e "\\n  ${INFO} The install log is located at: ${installLogLoc}
   ${COL_LIGHT_GREEN}${INSTALL_TYPE} Complete! ${COL_NC}"
 
 }

gravity.sh

@@ -68,8 +68,8 @@ if [[ -r "${piholeDir}/pihole.conf" ]]; then
 fi
 
 # Determine if DNS resolution is available before proceeding
-gravity_DNSLookup() {
+gravity_CheckDNSResolutionAvailable() {
-  local lookupDomain="pi.hole" plural=""
+  local lookupDomain="pi.hole"
 
   # Determine if $localList does not exist
   if [[ ! -e "${localList}" ]]; then
@@ -88,6 +88,19 @@ gravity_DNSLookup() {
     exit 1
   fi
 
+  # If the /etc/resolv.conf contains resolvers other than 127.0.0.1 then the local dnsmasq will not be queried and pi.hole is NXDOMAIN.
+  # This means that even though name resolution is working, the getent hosts check fails and the holddown timer keeps ticking and eventualy fails
+  # So we check the output of the last command and if it failed, attempt to use dig +short as a fallback
+  if timeout 1 dig +short "${lookupDomain}" &> /dev/null; then
+    if [[ -n "${secs:-}" ]]; then
+      echo -e "${OVER}  ${TICK} DNS resolution is now available\\n"
+    fi
+    return 0
+  elif [[ -n "${secs:-}" ]]; then
+    echo -e "${OVER}  ${CROSS} DNS resolution is not available"
+    exit 1
+  fi
+
   # Determine error output message
   if pidof dnsmasq &> /dev/null; then
     echo -e "  ${CROSS} DNS resolution is currently unavailable"
@@ -98,21 +111,20 @@ gravity_DNSLookup() {
 
   # Ensure DNS server is given time to be resolvable
   secs="120"
-  echo -ne "  ${INFO} Waiting up to ${secs} seconds before continuing..."
+  echo -ne "  ${INFO} Time until retry: ${secs}"
   until timeout 1 getent hosts "${lookupDomain}" &> /dev/null; do
     [[ "${secs:-}" -eq 0 ]] && break
-    [[ "${secs:-}" -ne 1 ]] && plural="s"
+    echo -ne "${OVER}  ${INFO} Time until retry: ${secs}"
-    echo -ne "${OVER}  ${INFO} Waiting up to ${secs} second${plural} before continuing..."
     : $((secs--))
     sleep 1
   done
 
   # Try again
-  gravity_DNSLookup
+  gravity_CheckDNSResolutionAvailable
 }
 
 # Retrieve blocklist URLs and parse domains from adlists.list
-gravity_Collapse() {
+gravity_GetBlocklistUrls() {
   echo -e "  ${INFO} ${COL_BOLD}Neutrino emissions detected${COL_NC}..."
 
   # Determine if adlists file needs handling
@@ -139,7 +151,8 @@ gravity_Collapse() {
     awk -F '[/:]' '{
       # Remove URL protocol & optional username:password@
       gsub(/(.*:\/\/|.*:.*@)/, "", $0)
-      print $1
+      if(length($1)>0){print $1}
+      else {print "local"}
     }' <<< "$(printf '%s\n' "${sources[@]}")" 2> /dev/null
   )"
 
@@ -152,7 +165,7 @@ gravity_Collapse() {
 }
 
 # Define options for when retrieving blocklists
-gravity_Supernova() {
+gravity_SetDownloadOptions() {
   local url domain agent cmd_ext str
 
   echo ""
@@ -177,7 +190,7 @@ gravity_Supernova() {
 
     if [[ "${skipDownload}" == false ]]; then
       echo -e "  ${INFO} Target: ${domain} (${url##*/})"
-      gravity_Pull "${url}" "${cmd_ext}" "${agent}"
+      gravity_DownloadBlocklistFromUrl "${url}" "${cmd_ext}" "${agent}"
       echo ""
     fi
   done
@@ -185,16 +198,17 @@ gravity_Supernova() {
 }
 
 # Download specified URL and perform checks on HTTP status and file content
-gravity_Pull() {
+gravity_DownloadBlocklistFromUrl() {
   local url="${1}" cmd_ext="${2}" agent="${3}" heisenbergCompensator="" patternBuffer str httpCode success=""
 
   # Create temp file to store content on disk instead of RAM
   patternBuffer=$(mktemp -p "/tmp" --suffix=".phgpb")
 
   # Determine if $saveLocation has read permission
-  if [[ -r "${saveLocation}" ]]; then
+  if [[ -r "${saveLocation}" && $url != "file"* ]]; then
     # Have curl determine if a remote file has been modified since last retrieval
     # Uses "Last-Modified" header, which certain web servers do not provide (e.g: raw github urls)
+    # Note: Don't do this for local files, always download them
     heisenbergCompensator="-z ${saveLocation}"
   fi
 
@@ -203,20 +217,32 @@ gravity_Pull() {
   # shellcheck disable=SC2086
   httpCode=$(curl -s -L ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" -A "${agent}" "${url}" -o "${patternBuffer}" 2> /dev/null)
 
-  # Determine "Status:" output based on HTTP response
+  case $url in
-  case "${httpCode}" in
+    # Did we "download" a remote file?
-    "200") echo -e "${OVER}  ${TICK} ${str} Retrieval successful"; success=true;;
+    "http"*)
-    "304") echo -e "${OVER}  ${TICK} ${str} No changes detected"; success=true;;
+      # Determine "Status:" output based on HTTP response
-    "000") echo -e "${OVER}  ${CROSS} ${str} Connection Refused";;
+      case "${httpCode}" in
-    "403") echo -e "${OVER}  ${CROSS} ${str} Forbidden";;
+        "200") echo -e "${OVER}  ${TICK} ${str} Retrieval successful"; success=true;;
-    "404") echo -e "${OVER}  ${CROSS} ${str} Not found";;
+        "304") echo -e "${OVER}  ${TICK} ${str} No changes detected"; success=true;;
-    "408") echo -e "${OVER}  ${CROSS} ${str} Time-out";;
+        "000") echo -e "${OVER}  ${CROSS} ${str} Connection Refused";;
-    "451") echo -e "${OVER}  ${CROSS} ${str} Unavailable For Legal Reasons";;
+        "403") echo -e "${OVER}  ${CROSS} ${str} Forbidden";;
-    "500") echo -e "${OVER}  ${CROSS} ${str} Internal Server Error";;
+        "404") echo -e "${OVER}  ${CROSS} ${str} Not found";;
-    "504") echo -e "${OVER}  ${CROSS} ${str} Connection Timed Out (Gateway)";;
+        "408") echo -e "${OVER}  ${CROSS} ${str} Time-out";;
-    "521") echo -e "${OVER}  ${CROSS} ${str} Web Server Is Down (Cloudflare)";;
+        "451") echo -e "${OVER}  ${CROSS} ${str} Unavailable For Legal Reasons";;
-    "522") echo -e "${OVER}  ${CROSS} ${str} Connection Timed Out (Cloudflare)";;
+        "500") echo -e "${OVER}  ${CROSS} ${str} Internal Server Error";;
-    *    ) echo -e "${OVER}  ${CROSS} ${str} ${httpCode}";;
+        "504") echo -e "${OVER}  ${CROSS} ${str} Connection Timed Out (Gateway)";;
+        "521") echo -e "${OVER}  ${CROSS} ${str} Web Server Is Down (Cloudflare)";;
+        "522") echo -e "${OVER}  ${CROSS} ${str} Connection Timed Out (Cloudflare)";;
+        *    ) echo -e "${OVER}  ${CROSS} ${str} ${httpCode}";;
+      esac;;
+    # Did we "download" a local file?
+    "file"*)
+        if [[ -s "${patternBuffer}" ]]; then
+          echo -e "${OVER}  ${TICK} ${str} Retrieval successful"; success=true
+        else
+          echo -e "${OVER}  ${CROSS} ${str} Not found / empty list"
+        fi;;
+    *) echo -e "${OVER}  ${CROSS} ${str} ${url} ${httpCode}";;
   esac
 
   # Determine if the blocklist was downloaded and saved correctly
@@ -243,36 +269,22 @@ gravity_Pull() {
 
 # Parse source files into domains format
 gravity_ParseFileIntoDomains() {
-  local source="${1}" destination="${2}" commentPattern firstLine abpFilter
+  local source="${1}" destination="${2}" firstLine abpFilter
 
   # Determine if we are parsing a consolidated list
   if [[ "${source}" == "${piholeDir}/${matterAndLight}" ]]; then
-    # Define symbols used as comments: #;@![/
+    # Remove comments and print only the domain name
-    commentPattern="[#;@![\\/]"
+    # Most of the lists downloaded are already in hosts file format but the spacing/formating is not contigious
+    # This helps with that and makes it easier to read
+    # It also helps with debugging so each stage of the script can be researched more in depth
+    #Awk -F splits on given IFS, we grab the right hand side (chops trailing #coments and /'s to grab the domain only.
+    #Last awk command takes non-commented lines and if they have 2 fields, take the left field (the domain) and leave
+    #+ the right (IP address), otherwise grab the single field.
 
-    # Parse Domains/Hosts files by removing comments & host IPs
+    < ${source} awk -F '#' '{print $1}' | \
-    # Logic: Ignore lines which begin with comments
+    awk -F '/' '{print $1}' | \
-    awk '!/^'"${commentPattern}"'/ {
+    awk '($1 !~ /^#/) { if (NF>1) {print $2} else {print $1}}' | \
-      # Determine if there are multiple words seperated by a space
+    sed -nr -e 's/\.{2,}/./g' -e '/\./p' >  ${destination}
-      if(NF>1) {
-        # Remove comments (including prefixed spaces/tabs)
-        if($0 ~ /'"${commentPattern}"'/) { gsub("( |\t)'"${commentPattern}"'.*", "", $0) }
-        # Determine if there are aliased domains
-        if($3) {
-          # Remove IP address
-          $1=""
-          # Remove space which is left in $0 when removing $1
-          gsub("^ ", "", $0)
-          print $0
-        } else if($2) {
-          # Print single domain without IP
-          print $2
-        }
-      # If there are no words seperated by space
-      } else if($1) {
-        print $1
-      }
-    }' "${source}" 2> /dev/null > "${destination}"
     return 0
   fi
 
@@ -318,7 +330,7 @@ gravity_ParseFileIntoDomains() {
       }' "${source}" > "${destination}.exceptionsFile.tmp"
 
       # Remove exceptions
-      grep -F -x -v -f "${destination}.exceptionsFile.tmp" "${destination}" > "${source}"
+      comm -23 "${destination}" <(sort "${destination}.exceptionsFile.tmp") > "${source}"
       mv "${source}" "${destination}"
     fi
 
@@ -353,7 +365,7 @@ gravity_ParseFileIntoDomains() {
 }
 
 # Create (unfiltered) "Matter and Light" consolidated list
-gravity_Schwarzschild() {
+gravity_ConsolidateDownloadedBlocklists() {
   local str lastLine
 
   str="Consolidating blocklists"
@@ -381,7 +393,7 @@ gravity_Schwarzschild() {
 }
 
 # Parse consolidated list into (filtered, unique) domains-only format
-gravity_Filter() {
+gravity_SortAndFilterConsolidatedList() {
   local str num
 
   str="Extracting domains from blocklists"
@@ -393,7 +405,7 @@ gravity_Filter() {
   # Format $parsedMatter line total as currency
   num=$(printf "%'.0f" "$(wc -l < "${piholeDir}/${parsedMatter}")")
   echo -e "${OVER}  ${TICK} ${str}
-  ${INFO} ${COL_BLUE}${num}${COL_NC} domains being pulled in by gravity"
+  ${INFO} Number of domains being pulled in by gravity: ${COL_BLUE}${num}${COL_NC}"
 
   str="Removing duplicate domains"
   echo -ne "  ${INFO} ${str}..."
@@ -402,31 +414,30 @@ gravity_Filter() {
 
   # Format $preEventHorizon line total as currency
   num=$(printf "%'.0f" "$(wc -l < "${piholeDir}/${preEventHorizon}")")
-  echo -e "  ${INFO} ${COL_BLUE}${num}${COL_NC} unique domains trapped in the Event Horizon"
+  echo -e "  ${INFO} Number of unique domains trapped in the Event Horizon: ${COL_BLUE}${num}${COL_NC}"
 }
 
 # Whitelist unique blocklist domain sources
-gravity_WhitelistBLD() {
+gravity_WhitelistBlocklistSourceUrls() {
-  local uniqDomains plural="" str 
+  local uniqDomains str
 
   echo ""
 
   # Create array of unique $sourceDomains
   mapfile -t uniqDomains <<< "$(awk '{ if(!a[$1]++) { print $1 } }' <<< "$(printf '%s\n' "${sourceDomains[@]}")")"
-  [[ "${#uniqDomains[@]}" -ne 1 ]] && plural="s"
 
-  str="Adding ${#uniqDomains[@]} blocklist source domain${plural} to the whitelist"
+  str="Number of blocklist source domains being added to the whitelist: ${#uniqDomains[@]}"
   echo -ne "  ${INFO} ${str}..."
 
   # Whitelist $uniqDomains
-  "${PIHOLE_COMMAND}" -w -nr -q "${uniqDomains[*]}" &> /dev/null
+  "${PIHOLE_COMMAND}" -w -nr -q ${uniqDomains[*]} &> /dev/null
 
-  echo -e "${OVER}  ${TICK} ${str}"
+  echo -e "${OVER}  ${INFO} ${str}"
 }
 
 # Whitelist user-defined domains
 gravity_Whitelist() {
-  local num plural="" str
+  local num str
 
   if [[ ! -f "${whitelistFile}" ]]; then
     echo -e "  ${INFO} Nothing to whitelist!"
@@ -434,24 +445,22 @@ gravity_Whitelist() {
   fi
 
   num=$(wc -l < "${whitelistFile}")
-  [[ "${num}" -ne 1 ]] && plural="s"
+  str="Number of whitelisted domains: ${num}"
-  str="Whitelisting ${num} domain${plural}"
   echo -ne "  ${INFO} ${str}..."
 
   # Print everything from preEventHorizon into whitelistMatter EXCEPT domains in $whitelistFile
-  grep -F -x -v -f "${whitelistFile}" "${piholeDir}/${preEventHorizon}" > "${piholeDir}/${whitelistMatter}"
+  comm -23 "${piholeDir}/${preEventHorizon}" <(sort "${whitelistFile}") > "${piholeDir}/${whitelistMatter}"
 
-  echo -e "${OVER}  ${TICK} ${str}"
+  echo -e "${OVER}  ${INFO} ${str}"
 }
 
 # Output count of blacklisted domains and wildcards
 gravity_ShowBlockCount() {
-  local num plural
+  local num
 
   if [[ -f "${blacklistFile}" ]]; then
     num=$(printf "%'.0f" "$(wc -l < "${blacklistFile}")")
-    plural=; [[ "${num}" -ne 1 ]] && plural="s"
+    echo -e "  ${INFO} Number of blacklisted domains: ${num}"
-    echo -e "  ${INFO} Blacklisted ${num} domain${plural}"
   fi
 
   if [[ -f "${wildcardFile}" ]]; then
@@ -460,8 +469,7 @@ gravity_ShowBlockCount() {
     if [[ -n "${IPV4_ADDRESS}" ]] && [[ -n "${IPV6_ADDRESS}" ]];then
       num=$(( num/2 ))
     fi
-    plural=; [[ "${num}" -ne 1 ]] && plural="s"
+    echo -e "  ${INFO} Number of wildcard blocked domains: ${num}"
-    echo -e "  ${INFO} Wildcard blocked ${num} domain${plural}"
   fi
 }
 
@@ -555,7 +563,7 @@ gravity_Cleanup() {
   rm ${piholeDir}/*.tmp 2> /dev/null
   rm /tmp/*.phgpb 2> /dev/null
 
-  # Ensure this function only runs when gravity_Supernova() has completed
+  # Ensure this function only runs when gravity_SetDownloadOptions() has completed
   if [[ "${gravity_Blackbody:-}" == true ]]; then
     # Remove any unused .domains files
     for file in ${piholeDir}/*.${domainsExtension}; do
@@ -617,12 +625,12 @@ fi
 # Determine which functions to run
 if [[ "${skipDownload}" == false ]]; then
   # Gravity needs to download blocklists
-  gravity_DNSLookup
+  gravity_CheckDNSResolutionAvailable
-  gravity_Collapse
+  gravity_GetBlocklistUrls
-  gravity_Supernova
+  gravity_SetDownloadOptions
-  gravity_Schwarzschild
+  gravity_ConsolidateDownloadedBlocklists
-  gravity_Filter
+  gravity_SortAndFilterConsolidatedList
-  gravity_WhitelistBLD
+  gravity_WhitelistBlocklistSourceUrls
 else
   # Gravity needs to modify Blacklist/Whitelist/Wildcards
   echo -e "  ${INFO} Using cached Event Horizon list..."

pihole

@@ -444,13 +444,17 @@ Specify whether the Pi-hole log should be used
 
 Options:
   on                  Enable the Pi-hole log at /var/log/pihole.log
-  off                 Disable the Pi-hole log at /var/log/pihole.log"
+  off                 Disable and flush the Pi-hole log at /var/log/pihole.log
+  off noflush         Disable the Pi-hole log at /var/log/pihole.log"
     exit 0
   elif [[ "${1}" == "off" ]]; then
     # Disable logging
     sed -i 's/^log-queries/#log-queries/' /etc/dnsmasq.d/01-pihole.conf
     sed -i 's/^QUERY_LOGGING=true/QUERY_LOGGING=false/' /etc/pihole/setupVars.conf
-    pihole -f
+    if [[ "${2}" != "noflush" ]]; then
+      # Flush logs
+      pihole -f
+    fi
     echo -e "  ${INFO} Disabling logging..."
     local str="Logging has been disabled!"
   elif [[ "${1}" == "on" ]]; then
@@ -658,6 +662,6 @@ case "${1}" in
   "-t" | "tail"                 ) tailFunc;;
   "checkout"                    ) piholeCheckoutFunc "$@";;
   "tricorder"                   ) tricorderFunc;;
-  "updatechecker"               ) updateCheckFunc;;
+  "updatechecker"               ) updateCheckFunc "$@";;
   *                             ) helpFunc;;
 esac