Release v5.16 (#5220)

Signed-off-by: Loïc Gomez <89980752+kot0dama@users.noreply.github.com>

.codespellignore

@@ -0,0 +1,3 @@
+doubleclick
+wan
+nwe

.editorconfig

@@ -13,26 +13,8 @@ tab_width = 4
 charset = utf-8
 trim_trailing_whitespace = true
 
-# Matches multiple files with brace expansion notation
-# Set default charset
-[*.{js,py}]
-charset = utf-8
+[*.yml]
+tab_width = 2
 
-# 4 space indentation
-[*.py]
-indent_style = space
-indent_size = 4
-
-# Tab indentation (no size specified)
-[Makefile]
-indent_style = tab
-
-# Indentation override for all JS under lib directory
-[scripts/**.js]
-indent_style = space
-indent_size = 2
-
-# Matches the exact files either package.json or .travis.yml
-[{package.json,.travis.yml}]
-indent_style = space
-indent_size = 2
+[*.md]
+tab_width = 2

.github/dependabot.yml

@@ -0,0 +1,22 @@
+version: 2
+updates:
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "10:00"
+  open-pull-requests-limit: 10
+  target-branch: development
+  reviewers:
+    - "pi-hole/core-maintainers"
+- package-ecosystem: pip
+  directory: "/test"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "10:00"
+  open-pull-requests-limit: 10
+  target-branch: development
+  reviewers:
+    - "pi-hole/core-maintainers"

.github/release.yml

@@ -0,0 +1,7 @@
+changelog:
+  exclude:
+    labels:
+      - internal
+    authors:
+      - dependabot
+      - github-actions

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,40 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches:
+      - master
+      - development
+  pull_request:
+    branches:
+      - master
+      - development
+  schedule:
+    - cron: '32 11 * * 6'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+    -
+      name: Checkout repository
+      uses: actions/checkout@v3.4.0
+    # Initializes the CodeQL tools for scanning.
+    -
+      name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: 'python'
+    -
+      name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+    -
+      name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

.github/workflows/merge-conflict.yml

@@ -0,0 +1,21 @@
+name: "Check for merge conflicts"
+on:
+  # So that PRs touching the same files as the push are updated
+  push:
+  # So that the `dirtyLabel` is removed if conflicts are resolve
+  # We recommend `pull_request_target` so that github secrets are available.
+  # In `pull_request` we wouldn't be able to change labels of fork PRs
+  pull_request_target:
+    types: [synchronize]
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check if PRs are have merge conflicts
+        uses: eps1lon/actions-label-merge-conflict@v2.1.0
+        with:
+          dirtyLabel: "PR: Merge Conflict"
+          repoToken: "${{ secrets.GITHUB_TOKEN }}"
+          commentOnDirty: "This pull request has conflicts, please resolve those before we can evaluate the pull request."
+          commentOnClean: "Conflicts have been resolved."

.github/workflows/stale.yml

@@ -0,0 +1,26 @@
+name: Mark stale issues
+
+on:
+  schedule:
+    - cron: '0 8 * * *'
+  workflow_dispatch:
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+
+    steps:
+      - uses: actions/stale@v7.0.0
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          days-before-stale: 30
+          days-before-close: 5
+          stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.'
+          stale-issue-label: 'stale'
+          exempt-issue-labels: 'Internal, Fixed in next release, Bug: Confirmed, Documentation Needed'
+          exempt-all-issue-assignees: true
+          operations-per-run: 300
+          close-issue-reason: 'not_planned'

.github/workflows/stale_pr.yml

@@ -0,0 +1,35 @@
+name: Close stale PR
+# This action will add a `stale` label and close immediately every PR that meets the following conditions:
+#   - it is already marked with "merge conflict" label
+#   - there was no update/comment on the PR in the last 30 days.
+
+on:
+  schedule:
+    - cron: '0 10 * * *'
+  workflow_dispatch:
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+
+    steps:
+      - uses: actions/stale@v7.0.0
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          # Do not automatically mark PR/issue as stale
+          days-before-stale: -1
+          # Override 'days-before-stale' for PR only
+          days-before-pr-stale: 30
+          # Close PRs immediately, after marking them 'stale'
+          days-before-pr-close: 0
+          # only run the action on merge conflict PR
+          any-of-labels: 'PR: Merge Conflict'
+          exempt-pr-labels: 'internal, never-stale, ON HOLD, WIP'
+          exempt-all-pr-assignees: true
+          operations-per-run: 300
+          stale-pr-message: ''
+          close-pr-message: 'Existing merge conflicts have not been addressed. This PR is considered abandoned.'

.github/workflows/sync-back-to-dev.yml

@@ -0,0 +1,40 @@
+name: Sync Back to Development
+
+on:
+  push:
+    branches:
+      - master
+
+# The section is needed to drop the default write-all permissions for all jobs
+# that are granted on `push` event. By specifying any permission explicitly
+# all others are set to none. By using the principle of least privilege the damage a compromised
+# workflow can do (because of an injection or compromised third party tool or
+# action) is restricted. Adding labels to issues, commenting
+# on pull-requests, etc. may need additional permissions:
+#
+# Syntax for this section:
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+#
+# Reference for how to assign permissions on a job-by-job basis:
+# https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+#
+# Reference for available permissions that we can enable if needed:
+# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
+permissions: {}
+
+jobs:
+  sync-branches:
+    # The job needs to be able to pull the code and create a pull request.
+    permissions:
+      contents: read #  for actions/checkout
+      pull-requests: write #  to create pull request
+
+    runs-on: ubuntu-latest
+    name: Syncing branches
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3.4.0
+      - name: Opening pull request
+        run: gh pr create -B development -H master --title 'Sync master back into development' --body 'Created by Github action' --label 'internal'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test.yml

@@ -4,22 +4,76 @@ on:
   pull_request:
     types: [opened, synchronize, reopened, ready_for_review]
 
+permissions:
+  contents: read
+
 jobs:
+  smoke-tests:
+    if: github.event.pull_request.draft == false
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3.4.0
+
+      - name: Check scripts in repository are executable
+        run: |
+          IFS=$'\n';
+          for f in $(find . -name '*.sh'); do if [[ ! -x $f ]]; then echo "$f is not executable" && FAIL=1; fi ;done
+          unset IFS;
+          # If FAIL is 1 then we fail.
+          [[ $FAIL == 1 ]] && exit 1 || echo "Scripts are executable!"
+
+      - name: Spell-Checking
+        uses: codespell-project/actions-codespell@master
+        with:
+          ignore_words_file: .codespellignore
+
+      - name: Get editorconfig-checker
+        uses: editorconfig-checker/action-editorconfig-checker@main # tag v1.0.0 is really out of date
+
+      - name: Run editorconfig-checker
+        run: editorconfig-checker
+
+      - name: Check python code formatting with black
+        uses: psf/black@stable
+        with:
+          src: "./test"
+          options: "--check --diff --color"
+
   distro-test:
     if: github.event.pull_request.draft == false
     runs-on: ubuntu-latest
+    needs: smoke-tests
     strategy:
+      fail-fast: false
       matrix:
-        distro: [debian_9, debian_10, ubuntu_16, ubuntu_18, ubuntu_20, centos_7, centos_8, fedora_32, fedora_33]
+        distro:
+          [
+            debian_10,
+            debian_11,
+            ubuntu_20,
+            ubuntu_22,
+            centos_8,
+            centos_9,
+            fedora_36,
+            fedora_37,
+          ]
     env:
       DISTRO: ${{matrix.distro}}
     steps:
-    - uses: actions/checkout@v1
-    - name: Set up Python 3.7
-      uses: actions/setup-python@v2
-      with:
-        python-version: 3.7
-    - name: Install dependencies
-      run: pip install -r test/requirements.txt
-    - name: Test with tox
-      run: tox -c test/tox.${DISTRO}.ini
+      - name: Checkout repository
+        uses: actions/checkout@v3.4.0
+
+      - name: Set up Python 3.10
+        uses: actions/setup-python@v4.5.0
+        with:
+          python-version: "3.10"
+
+      - name: Install wheel
+        run:  pip install wheel
+
+      - name: Install dependencies
+        run: pip install -r test/requirements.txt
+
+      - name: Test with tox
+        run: tox -c test/tox.${DISTRO}.ini

.gitignore

@@ -7,70 +7,6 @@ __pycache__
 .tox
 .eggs
 *.egg-info
-
-
-# Created by https://www.gitignore.io/api/jetbrains+iml
-
-### JetBrains+iml ###
-# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
-# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
-
-# All idea files, with exceptions
-.idea
-!.idea/codeStyles/*
-!.idea/codeStyleSettings.xml
-
-
-# Sensitive or high-churn files:
-.idea/**/dataSources/
-.idea/**/dataSources.ids
-.idea/**/dataSources.xml
-.idea/**/dataSources.local.xml
-.idea/**/sqlDataSources.xml
-.idea/**/dynamic.xml
-.idea/**/uiDesigner.xml
-
-# Gradle:
-.idea/**/gradle.xml
-.idea/**/libraries
-
-# CMake
-cmake-build-debug/
-
-# Mongo Explorer plugin:
-.idea/**/mongoSettings.xml
-
-## File-based project format:
-*.iws
-
-## Plugin-specific files:
-
-# IntelliJ
-/out/
-
-# mpeltonen/sbt-idea plugin
-.idea_modules/
-
-# JIRA plugin
-atlassian-ide-plugin.xml
-
-# Cursive Clojure plugin
-.idea/replstate.xml
-
-# Ruby plugin and RubyMine
-/.rakeTasks
-
-# Crashlytics plugin (for Android Studio and IntelliJ)
-com_crashlytics_export_strings.xml
-crashlytics.properties
-crashlytics-build.properties
-fabric.properties
-
-### JetBrains+iml Patch ###
-# Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-249601023
-
+.idea/
 *.iml
-.idea/misc.xml
-*.ipr
-
-# End of https://www.gitignore.io/api/jetbrains+iml
+.vscode/

.idea/codeStyleSettings.xml

@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-    <component name="ProjectCodeStyleSettingsManager">
-        <option name="PER_PROJECT_SETTINGS">
-            <value>
-                <option name="OTHER_INDENT_OPTIONS">
-                    <value>
-                        <option name="INDENT_SIZE" value="2" />
-                        <option name="CONTINUATION_INDENT_SIZE" value="8" />
-                        <option name="TAB_SIZE" value="2" />
-                        <option name="USE_TAB_CHARACTER" value="false" />
-                        <option name="SMART_TABS" value="false" />
-                        <option name="LABEL_INDENT_SIZE" value="0" />
-                        <option name="LABEL_INDENT_ABSOLUTE" value="false" />
-                        <option name="USE_RELATIVE_INDENTS" value="false" />
-                    </value>
-                </option>
-                <MarkdownNavigatorCodeStyleSettings>
-                    <option name="RIGHT_MARGIN" value="72" />
-                </MarkdownNavigatorCodeStyleSettings>
-            </value>
-        </option>
-        <option name="USE_PER_PROJECT_SETTINGS" value="true" />
-    </component>
-</project>

.idea/codeStyles/Project.xml

@@ -1,7 +0,0 @@
-<component name="ProjectCodeStyleConfiguration">
-  <code_scheme name="Project" version="173">
-    <MarkdownNavigatorCodeStyleSettings>
-      <option name="RIGHT_MARGIN" value="72" />
-    </MarkdownNavigatorCodeStyleSettings>
-  </code_scheme>
-</component>

.idea/codeStyles/codeStyleConfig.xml

@@ -1,5 +0,0 @@
-<component name="ProjectCodeStyleConfiguration">
-  <state>
-    <option name="USE_PER_PROJECT_SETTINGS" value="true" />
-  </state>
-</component>

.stickler.yml

@@ -1,6 +1,10 @@
+---
 linters:
   shellcheck:
     shell: bash
   phpcs:
   flake8:
     max-line-length: 120
+  yamllint:
+    config: ./.yamllint.conf
+  remarklint:

.yamllint.conf

@@ -0,0 +1,3 @@
+rules:
+  line-length: disable
+  document-start: disable

CONTRIBUTING.md

@@ -2,111 +2,4 @@
 
 Please read and understand the contribution guide before creating an issue or pull request.
 
-## Etiquette
-
-- Our goal for Pi-hole is **stability before features**. This means we focus on squashing critical bugs before adding new features. Often, we can do both in tandem, but bugs will take priority over a new feature.
-- Pi-hole is open source and [powered by donations](https://pi-hole.net/donate/), and as such, we give our **free time** to build, maintain, and **provide user support** for this project. It would be extremely unfair for us to suffer abuse or anger for our hard work, so please take a moment to consider that.
-- Please be considerate towards the developers and other users when raising issues or presenting pull requests.
-- Respect our decision(s), and do not be upset or abusive if your submission is not used.
-
-## Viability
-
-When requesting or submitting new features, first consider whether it might be useful to others. Open source projects are used by many people, who may have entirely different needs to your own. Think about whether or not your feature is likely to be used by other users of the project.
-
-## Procedure
-
-**Before filing an issue:**
-
-- Attempt to replicate and **document** the problem, to ensure that it wasn't a coincidental incident.
-- Check to make sure your feature suggestion isn't already present within the project.
-- Check the pull requests tab to ensure that the bug doesn't have a fix in progress.
-- Check the pull requests tab to ensure that the feature isn't already in progress.
-
-**Before submitting a pull request:**
-
-- Check the codebase to ensure that your feature doesn't already exist.
-- Check the pull requests to ensure that another person hasn't already submitted the feature or fix.
-- Read and understand the [DCO guidelines](https://docs.pi-hole.net/guides/github/contributing/) for the project.
-
-## Technical Requirements
-
-- Submit Pull Requests to the **development branch only**.
-- Before Submitting your Pull Request, merge `development` with your new branch and fix any conflicts. (Make sure you don't break anything in development!)
-- Please use the [Google Style Guide for Shell](https://google.github.io/styleguide/shell.xml) for your code submission styles.
-- Commit Unix line endings.
-- Please use the Pi-hole brand: **Pi-hole** (Take a special look at the capitalized 'P' and a low 'h' with a hyphen)
-- (Optional fun) keep to the theme of Star Trek/black holes/gravity.
-
-## Forking and Cloning from GitHub to GitHub
-
-1. Fork <https://github.com/pi-hole/pi-hole/> to a repo under a namespace you control, or have permission to use, for example: `https://github.com/<your_namespace>/<your_repo_name>/`. You can do this from the github.com website.
-2. Clone `https://github.com/<your_namespace>/<your_repo_name>/` with the tool of you choice.
-3. To keep your fork in sync with our repo, add an upstream remote for pi-hole/pi-hole to your repo.
-
-    ```bash
-    git remote add upstream https://github.com/pi-hole/pi-hole.git
-    ```
-
-4. Checkout the `development` branch from your fork `https://github.com/<your_namespace>/<your_repo_name>/`.
-5. Create a topic/branch, based on the `development` branch code. *Bonus fun to keep to the theme of Star Trek/black holes/gravity.*
-6. Make your changes and commit to your topic branch in your repo.
-7. Rebase your commits and squash any insignificant commits. See the notes below for an example.
-8. Merge `development` your branch and fix any conflicts.
-9. Open a Pull Request to merge your topic branch into our repo's `development` branch.
-
-- Keep in mind the technical requirements from above.
-
-## Forking and Cloning from GitHub to other code hosting sites
-
-- Forking is a GitHub concept and cannot be done from GitHub to other git-based code hosting sites. However, those sites may be able to mirror a GitHub repo.
-
-1. To contribute from another code hosting site, you must first complete the steps above to fork our repo to a GitHub namespace you have permission to use, for example: `https://github.com/<your_namespace>/<your_repo_name>/`.
-2. Create a repo in your code hosting site, for example: `https://gitlab.com/<your_namespace>/<your_repo_name>/`
-3. Follow the instructions from your code hosting site to create a mirror between `https://github.com/<your_namespace>/<your_repo_name>/` and `https://gitlab.com/<your_namespace>/<your_repo_name>/`.
-4. When you are ready to create a Pull Request (PR), follow the steps `(starting at step #6)` from [Forking and Cloning from GitHub to GitHub](#forking-and-cloning-from-github-to-github) and create the PR from `https://github.com/<your_namespace>/<your_repo_name>/`.
-
-## Notes for squashing commits with rebase
-
-- To rebase your commits and squash previous commits, you can use:
-
-    ```bash
-    git rebase -i your_topic_branch~(number of commits to combine)
-    ```
-
-- For more details visit [gitready.com](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html)
-
-1. The following would combine the last four commits in the branch `mytopic`.
-
-    ```bash
-    git rebase -i mytopic~4
-    ```
-
-2. An editor window opens with the most recent commits indicated: (edit the commands to the left of the commit ID)
-
-    ```gitattributes
-    pick 9dff55b2 existing commit comments
-    squash ebb1a730 existing commit comments
-    squash 07cc5b50 existing commit comments
-    reword 9dff55b2 existing commit comments
-    ```
-
-3. Save and close the editor. The next editor window opens: (edit the new commit message). *If you select reword for a commit, an additional editor window will open for you to edit the comment.*
-
-    ```bash
-    new commit comments
-    Signed-off-by: yourname <your email address>
-    ```
-
-4. Save and close the editor for the rebase process to execute. The terminal output should say something like the following:
-
-    ```bash
-    Successfully rebased and updated refs/heads/mytopic.
-    ```
-
-5. Once you have a successful rebase, and before you sync your local clone, you have to force push origin to update your repo:
-
-    ```bash
-    git push -f origin
-    ```
-
-6. Continue on from step #7 from [Forking and Cloning from GitHub to GitHub](#forking-and-cloning-from-github-to-github)
+The guide can be found here: [https://docs.pi-hole.net/guides/github/contributing/](https://docs.pi-hole.net/guides/github/contributing/)

README.md

@@ -3,26 +3,29 @@
 #
 
 <p align="center">
-    <a href="https://pi-hole.net/">
-        <img src="https://pi-hole.github.io/graphics/Vortex/Vortex_with_Wordmark.svg" width="150" height="260" alt="Pi-hole">
-    </a>
+  <picture>
+    <source media="(prefers-color-scheme: dark)" srcset="https://pi-hole.github.io/graphics/Vortex/Vortex_Vertical_wordmark_darkmode.png">
+    <source media="(prefers-color-scheme: light)" srcset="https://pi-hole.github.io/graphics/Vortex/Vortex_Vertical_wordmark_lightmode.png">
+    <img src="https://pi-hole.github.io/graphics/Vortex/Vortex_Vertical_wordmark_lightmode.png" width="168" height="270" alt="Pi-hole website">
+  </picture>
     <br>
     <strong>Network-wide ad blocking via your own Linux hardware</strong>
 </p>
+
 <!-- markdownlint-enable MD033 -->
 
-The Pi-hole® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) that protects your devices from unwanted content, without installing any client-side software.
+The Pi-hole® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) that protects your devices from unwanted content without installing any client-side software.
 
-- **Easy-to-install**: our versatile installer walks you through the process, and takes less than ten minutes
+- **Easy-to-install**: our dialogs walk you through the simple installation process in less than ten minutes
 - **Resolute**: content is blocked in _non-browser locations_, such as ad-laden mobile apps and smart TVs
 - **Responsive**: seamlessly speeds up the feel of everyday browsing by caching DNS queries
 - **Lightweight**: runs smoothly with [minimal hardware and software requirements](https://docs.pi-hole.net/main/prerequisites/)
-- **Robust**: a command line interface that is quality assured for interoperability
+- **Robust**: a command-line interface that is quality assured for interoperability
 - **Insightful**: a beautiful responsive Web Interface dashboard to view and control your Pi-hole
-- **Versatile**: can optionally function as a [DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026), ensuring *all* your devices are protected automatically
+- **Versatile**: can optionally function as a [DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026), ensuring _all_ your devices are protected automatically
 - **Scalable**: [capable of handling hundreds of millions of queries](https://pi-hole.net/2017/05/24/how-much-traffic-can-pi-hole-handle/) when installed on server-grade hardware
 - **Modern**: blocks ads over both IPv4 and IPv6
-- **Free**: open source software which helps ensure _you_ are the sole person in control of your privacy
+- **Free**: open source software that helps ensure _you_ are the sole person in control of your privacy
 
 -----
 
@@ -51,25 +54,29 @@ wget -O basic-install.sh https://install.pi-hole.net
 sudo bash basic-install.sh
 ```
 
+### Method 3: Using Docker to deploy Pi-hole
+
+Please refer to the [Pi-hole docker repo](https://github.com/pi-hole/docker-pi-hole) to use the Official Docker Images.
+
 ## [Post-install: Make your network take advantage of Pi-hole](https://docs.pi-hole.net/main/post-install/)
 
-Once the installer has been run, you will need to [configure your router to have **DHCP clients use Pi-hole as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) which ensures that all devices connecting to your network will have content blocked without any further intervention.
+Once the installer has been run, you will need to [configure your router to have **DHCP clients use Pi-hole as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245). This router configuration will ensure that all devices connecting to your network will have content blocked without any further intervention.
 
-If your router does not support setting the DNS server, you can [use Pi-hole's built-in DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026); just be sure to disable DHCP on your router first (if it has that feature available).
+If your router does not support setting the DNS server, you can [use Pi-hole's built-in DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026); be sure to disable DHCP on your router first (if it has that feature available).
 
-As a last resort, you can always manually set each device to use Pi-hole as their DNS server.
+As a last resort, you can manually set each device to use Pi-hole as their DNS server.
 
 -----
 
-## Pi-hole is free, but powered by your support
+## Pi-hole is free but powered by your support
 
-There are many reoccurring costs involved with maintaining free, open source, and privacy-respecting software; expenses which [our volunteer developers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software, as well as the importance of keeping it maintained.
+There are many reoccurring costs involved with maintaining free, open-source, and privacy-respecting software; expenses which [our volunteer developers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software and the importance of keeping it maintained.
 
 Make no mistake: **your support is absolutely vital to help keep us innovating!**
 
 ### [Donations](https://pi-hole.net/donate)
 
-Sending a donation using our Sponsor Button is **extremely helpful** in offsetting a portion of our monthly expenses and rewarding our dedicated development team:
+Donating using our Sponsor Button is **extremely helpful** in offsetting a portion of our monthly expenses:
 
 ### Alternative support
 
@@ -80,14 +87,14 @@ If you'd rather not donate (_which is okay!_), there are other ways you can help
 - [Hetzner Cloud](https://hetzner.cloud/?ref=7aceisRX3AzA) _affiliate link_
 - [Digital Ocean](https://www.digitalocean.com/?refcode=344d234950e1) _affiliate link_
 - [Stickermule](https://www.stickermule.com/unlock?ref_id=9127301701&utm_medium=link&utm_source=invite) _earn a $10 credit after your first purchase_
-- [Amazon US](http://www.amazon.com/exec/obidos/redirect-home/pihole09-20) _affiliate link_
-- Spreading the word about our software, and how you have benefited from it
+- [Amazon US](https://www.amazon.com/exec/obidos/redirect-home/pihole09-20) _affiliate link_
+- Spreading the word about our software and how you have benefited from it
 
 ### Contributing via GitHub
 
 We welcome _everyone_ to contribute to issue reports, suggest new features, and create pull requests.
 
-If you have something to add - anything from a typo through to a whole new feature, we're happy to check it out! Just make sure to fill out our template when submitting your request; the questions that it asks will help the volunteers quickly understand what you're aiming to achieve.
+If you have something to add - anything from a typo through to a whole new feature, we're happy to check it out! Just make sure to fill out our template when submitting your request; the questions it asks will help the volunteers quickly understand what you're aiming to achieve.
 
 You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) and the [debug script](https://github.com/pi-hole/pi-hole/blob/master/advanced/Scripts/piholeDebug.sh) have an abundance of comments, which will help you better understand how Pi-hole works. They're also a valuable resource to those who want to learn how to write scripts or code a program! We encourage anyone who likes to tinker to read through it and submit a pull request for us to review.
 
@@ -95,9 +102,9 @@ You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/ma
 
 ## Getting in touch with us
 
-While we are primarily reachable on our [Discourse User Forum](https://discourse.pi-hole.net/), we can also be found on a variety of social media outlets.
+While we are primarily reachable on our [Discourse User Forum](https://discourse.pi-hole.net/), we can also be found on various social media outlets.
 
-**Please be sure to check the FAQ's** before starting a new discussion. Many user questions already have answers and can be solved without any additional assistance.
+**Please be sure to check the FAQs** before starting a new discussion, as we do not have the spare time to reply to every request for assistance.
 
 - [Frequently Asked Questions](https://discourse.pi-hole.net/c/faqs)
 - [Feature Requests](https://discourse.pi-hole.net/c/feature-requests?order=votes)
@@ -110,7 +117,7 @@ While we are primarily reachable on our [Discourse User Forum](https://discourse
 
 ### [Faster-than-light Engine](https://github.com/pi-hole/ftl)
 
-[FTLDNS](https://github.com/pi-hole/ftl) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*!
+[FTLDNS](https://github.com/pi-hole/ftl) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all _very quickly_!
 
 Some of the statistics you can integrate include:
 
@@ -123,21 +130,21 @@ Some of the statistics you can integrate include:
 - Queries cached
 - Unique clients
 
-The API can be accessed via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). You can find out [more details over here](https://discourse.pi-hole.net/t/pi-hole-api/1863).
+Access the API via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). You can find out [more details over here](https://discourse.pi-hole.net/t/pi-hole-api/1863).
 
-### The Command Line Interface
+### The Command-Line Interface
 
-The [pihole](https://docs.pi-hole.net/core/pihole-command/) command has all the functionality necessary to be able to fully administer the Pi-hole, without the need of the Web Interface. It's fast, user-friendly, and auditable by anyone with an understanding of `bash`.
+The [pihole](https://docs.pi-hole.net/core/pihole-command/) command has all the functionality necessary to fully administer the Pi-hole, without the need for the Web Interface. It's fast, user-friendly, and auditable by anyone with an understanding of `bash`.
 
 Some notable features include:
 
-- [Whitelisting, Blacklisting and Regex](https://docs.pi-hole.net/core/pihole-command/#whitelisting-blacklisting-and-regex)
+- [Whitelisting, Blacklisting, and Regex](https://docs.pi-hole.net/core/pihole-command/#whitelisting-blacklisting-and-regex)
 - [Debugging utility](https://docs.pi-hole.net/core/pihole-command/#debugger)
 - [Viewing the live log file](https://docs.pi-hole.net/core/pihole-command/#tail)
 - [Updating Ad Lists](https://docs.pi-hole.net/core/pihole-command/#gravity)
 - [Querying Ad Lists for blocked domains](https://docs.pi-hole.net/core/pihole-command/#query)
 - [Enabling and Disabling Pi-hole](https://docs.pi-hole.net/core/pihole-command/#enable-disable)
-- ... and *many* more!
+- ... and _many_ more!
 
 You can read our [Core Feature Breakdown](https://docs.pi-hole.net/core/pihole-command/#pi-hole-core) for more information.
 
@@ -147,7 +154,7 @@ This [optional dashboard](https://github.com/pi-hole/AdminLTE) allows you to vie
 
 Some notable features include:
 
-- Mobile friendly interface
+- Mobile-friendly interface
 - Password protection
 - Detailed graphs and doughnut charts
 - Top lists of domains and clients
@@ -159,4 +166,4 @@ Some notable features include:
 There are several ways to [access the dashboard](https://discourse.pi-hole.net/t/how-do-i-access-pi-holes-dashboard-admin-interface/3168):
 
 1. `http://pi.hole/admin/` (when using Pi-hole as your DNS server)
-2. `http://<IP_ADDPRESS_OF_YOUR_PI_HOLE>/admin/`
+2. `http://<IP_ADDRESS_OF_YOUR_PI_HOLE>/admin/`

advanced/01-pihole.conf

@@ -29,16 +29,7 @@ bogus-priv
 
 no-resolv
 
-server=@DNS1@
-server=@DNS2@
-
-interface=@INT@
-
-cache-size=@CACHE_SIZE@
-
 log-queries
-log-facility=/var/log/pihole.log
-
-local-ttl=2
+log-facility=/var/log/pihole/pihole.log
 
 log-async

advanced/06-rfc6761.conf

@@ -0,0 +1,42 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2021 Pi-hole, LLC (https://pi-hole.net)
+# Network-wide ad blocking via your own hardware.
+#
+# RFC 6761 config file for Pi-hole
+#
+# This file is copyright under the latest version of the EUPL.
+# Please see LICENSE file for your rights under this license.
+
+###############################################################################
+#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
+# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
+#                                                                             #
+#             CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE                #
+#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
+###############################################################################
+
+# RFC 6761: Caching DNS servers SHOULD recognize
+#     test, localhost, invalid
+# names as special and SHOULD NOT attempt to look up NS records for them, or
+# otherwise query authoritative DNS servers in an attempt to resolve these
+# names.
+server=/test/
+server=/localhost/
+server=/invalid/
+
+# The same RFC requests something similar for
+#     10.in-addr.arpa.      21.172.in-addr.arpa.  27.172.in-addr.arpa.
+#     16.172.in-addr.arpa.  22.172.in-addr.arpa.  28.172.in-addr.arpa.
+#     17.172.in-addr.arpa.  23.172.in-addr.arpa.  29.172.in-addr.arpa.
+#     18.172.in-addr.arpa.  24.172.in-addr.arpa.  30.172.in-addr.arpa.
+#     19.172.in-addr.arpa.  25.172.in-addr.arpa.  31.172.in-addr.arpa.
+#     20.172.in-addr.arpa.  26.172.in-addr.arpa.  168.192.in-addr.arpa.
+# Pi-hole implements this via the dnsmasq option "bogus-priv" (see
+# 01-pihole.conf) because this also covers IPv6.
+
+# OpenWRT furthermore blocks    bind, local, onion    domains
+# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD
+# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
+# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972
+server=/bind/
+server=/onion/

advanced/Scripts/COL_TABLE

@@ -1,5 +1,5 @@
 # Determine if terminal is capable of showing colors
-if [[ -t 1 ]] && [[ $(tput colors) -ge 8 ]]; then
+if ([[ -t 1 ]] && [[ $(tput colors) -ge 8 ]]) || [[ "${WEBCALL}" ]]; then
   # Bold and underline may not show up on all clients
   # If something MUST be emphasized, use both
   COL_BOLD=''

advanced/Scripts/chronometer.sh

@@ -14,7 +14,9 @@ LC_NUMERIC=C
 # Retrieve stats from FTL engine
 pihole-FTL() {
     local ftl_port LINE
-    ftl_port=$(cat /run/pihole-FTL.port 2> /dev/null)
+    # shellcheck disable=SC1091
+    . /opt/pihole/utils.sh
+    ftl_port=$(getFTLAPIPort)
     if [[ -n "$ftl_port" ]]; then
         # Open connection to FTL
         exec 3<>"/dev/tcp/127.0.0.1/$ftl_port"
@@ -329,8 +331,8 @@ get_sys_stats() {
                 *) cpu_col="$COL_URG_RED";;
             esac
 
-        # $COL_NC$COL_DARK_GRAY is needed for $COL_URG_RED
-        cpu_temp_str=" @ $cpu_col$cpu_temp$COL_NC$COL_DARK_GRAY"
+            # $COL_NC$COL_DARK_GRAY is needed for $COL_URG_RED
+            cpu_temp_str=" @ $cpu_col$cpu_temp$COL_NC$COL_DARK_GRAY"
 
         elif [[ "$temp_unit" == "F" ]]; then
             cpu_temp=$(printf "%.0ff\\n" "$(calcFunc "($(< $temp_file) / 1000) * 9 / 5 + 32")")
@@ -357,7 +359,7 @@ get_sys_stats() {
     ram_used="${ram_raw[1]}"
     ram_total="${ram_raw[2]}"
 
-    if [[ "$(pihole status web 2> /dev/null)" == "1" ]]; then
+    if [[ "$(pihole status web 2> /dev/null)" -ge "1" ]]; then
         ph_status="${COL_LIGHT_GREEN}Active"
     else
         ph_status="${COL_LIGHT_RED}Offline"
@@ -445,7 +447,7 @@ get_strings() {
     lan_info="Gateway: $net_gateway"
     dhcp_info="$leased_str$ph_dhcp_num of $ph_dhcp_max"
 
-      ads_info="$total_str$ads_blocked_today of $dns_queries_today"
+    ads_info="$total_str$ads_blocked_today of $dns_queries_today"
     dns_info="$dns_count DNS servers"
 
     [[ "$recent_blocked" == "0" ]] && recent_blocked="${COL_LIGHT_RED}FTL offline${COL_NC}"
@@ -488,7 +490,7 @@ chronoFunc() {
             ${COL_LIGHT_RED}Press Ctrl-C to exit${COL_NC}
             ${COL_DARK_GRAY}$scr_line_str${COL_NC}"
         else
-        echo -e "|¯¯¯(¯)_|¯|_  ___|¯|___$phc_ver_str\\n| ¯_/¯|_| ' \\/ _ \\ / -_)$lte_ver_str\\n|_| |_| |_||_\\___/_\\___|$ftl_ver_str\\n ${COL_DARK_GRAY}$scr_line_str${COL_NC}"
+            echo -e "|¯¯¯(¯)_|¯|_  ___|¯|___$phc_ver_str\\n| ¯_/¯|_| ' \\/ _ \\ / -_)$lte_ver_str\\n|_| |_| |_||_\\___/_\\___|$ftl_ver_str\\n ${COL_DARK_GRAY}$scr_line_str${COL_NC}"
         fi
 
         printFunc "  Hostname: " "$sys_name" "$host_info"
@@ -498,20 +500,16 @@ chronoFunc() {
         printFunc " RAM usage: " "$ram_perc%" "$ram_info"
         printFunc " HDD usage: " "$disk_perc" "$disk_info"
 
-        if [[ "$scr_lines" -gt 17 ]] && [[ "$chrono_width" != "small" ]]; then
-            printFunc "  LAN addr: " "${IPV4_ADDRESS/\/*/}" "$lan_info"
-        fi
-
         if [[ "$DHCP_ACTIVE" == "true" ]]; then
             printFunc "DHCP usage: " "$ph_dhcp_percent%" "$dhcp_info"
         fi
 
         printFunc "   Pi-hole: " "$ph_status" "$ph_info"
-        printFunc " Ads Today: " "$ads_percentage_today%" "$ads_info"
+        printFunc "   Blocked: " "$ads_percentage_today%" "$ads_info"
         printFunc "Local Qrys: " "$queries_cached_percentage%" "$dns_info"
 
-        printFunc "   Blocked: " "$recent_blocked"
-        printFunc "Top Advert: " "$top_ad"
+        printFunc "Last Block: " "$recent_blocked"
+        printFunc " Top Block: " "$top_ad"
 
         # Provide more stats on screens with more lines
         if [[ "$scr_lines" -eq 17 ]]; then

advanced/Scripts/database_migration/gravity-db.sh

@@ -19,13 +19,13 @@ upgrade_gravityDB(){
 	auditFile="${piholeDir}/auditlog.list"
 
 	# Get database version
-	version="$(sqlite3 "${database}" "SELECT \"value\" FROM \"info\" WHERE \"property\" = 'version';")"
+	version="$(pihole-FTL sqlite3 "${database}" "SELECT \"value\" FROM \"info\" WHERE \"property\" = 'version';")"
 
 	if [[ "$version" == "1" ]]; then
 		# This migration script upgrades the gravity.db file by
 		# adding the domain_audit table
 		echo -e "  ${INFO} Upgrading gravity database from version 1 to 2"
-		sqlite3 "${database}" < "${scriptPath}/1_to_2.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/1_to_2.sql"
 		version=2
 
 		# Store audit domains in database table
@@ -40,28 +40,28 @@ upgrade_gravityDB(){
 		# renaming the regex table to regex_blacklist, and
 		# creating a new regex_whitelist table + corresponding linking table and views
 		echo -e "  ${INFO} Upgrading gravity database from version 2 to 3"
-		sqlite3 "${database}" < "${scriptPath}/2_to_3.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/2_to_3.sql"
 		version=3
 	fi
 	if [[ "$version" == "3" ]]; then
 		# This migration script unifies the formally separated domain
 		# lists into a single table with a UNIQUE domain constraint
 		echo -e "  ${INFO} Upgrading gravity database from version 3 to 4"
-		sqlite3 "${database}" < "${scriptPath}/3_to_4.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/3_to_4.sql"
 		version=4
 	fi
 	if [[ "$version" == "4" ]]; then
 		# This migration script upgrades the gravity and list views
 		# implementing necessary changes for per-client blocking
 		echo -e "  ${INFO} Upgrading gravity database from version 4 to 5"
-		sqlite3 "${database}" < "${scriptPath}/4_to_5.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/4_to_5.sql"
 		version=5
 	fi
 	if [[ "$version" == "5" ]]; then
 		# This migration script upgrades the adlist view
 		# to return an ID used in gravity.sh
 		echo -e "  ${INFO} Upgrading gravity database from version 5 to 6"
-		sqlite3 "${database}" < "${scriptPath}/5_to_6.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/5_to_6.sql"
 		version=6
 	fi
 	if [[ "$version" == "6" ]]; then
@@ -69,7 +69,7 @@ upgrade_gravityDB(){
 		# which is automatically associated to all clients not
 		# having their own group assignments
 		echo -e "  ${INFO} Upgrading gravity database from version 6 to 7"
-		sqlite3 "${database}" < "${scriptPath}/6_to_7.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/6_to_7.sql"
 		version=7
 	fi
 	if [[ "$version" == "7" ]]; then
@@ -77,21 +77,21 @@ upgrade_gravityDB(){
 		# to ensure uniqueness on the group name
 		# We also add date_added and date_modified columns
 		echo -e "  ${INFO} Upgrading gravity database from version 7 to 8"
-		sqlite3 "${database}" < "${scriptPath}/7_to_8.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/7_to_8.sql"
 		version=8
 	fi
 	if [[ "$version" == "8" ]]; then
 		# This migration fixes some issues that were introduced
 		# in the previous migration script.
 		echo -e "  ${INFO} Upgrading gravity database from version 8 to 9"
-		sqlite3 "${database}" < "${scriptPath}/8_to_9.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/8_to_9.sql"
 		version=9
 	fi
 	if [[ "$version" == "9" ]]; then
 		# This migration drops unused tables and creates triggers to remove
 		# obsolete groups assignments when the linked items are deleted
 		echo -e "  ${INFO} Upgrading gravity database from version 9 to 10"
-		sqlite3 "${database}" < "${scriptPath}/9_to_10.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/9_to_10.sql"
 		version=10
 	fi
 	if [[ "$version" == "10" ]]; then
@@ -101,25 +101,31 @@ upgrade_gravityDB(){
 		# to keep the copying process generic (needs the same columns in both the
 		# source and the destination databases).
 		echo -e "  ${INFO} Upgrading gravity database from version 10 to 11"
-		sqlite3 "${database}" < "${scriptPath}/10_to_11.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/10_to_11.sql"
 		version=11
 	fi
 	if [[ "$version" == "11" ]]; then
 		# Rename group 0 from "Unassociated" to "Default"
 		echo -e "  ${INFO} Upgrading gravity database from version 11 to 12"
-		sqlite3 "${database}" < "${scriptPath}/11_to_12.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/11_to_12.sql"
 		version=12
 	fi
 	if [[ "$version" == "12" ]]; then
 		# Add column date_updated to adlist table
 		echo -e "  ${INFO} Upgrading gravity database from version 12 to 13"
-		sqlite3 "${database}" < "${scriptPath}/12_to_13.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/12_to_13.sql"
 		version=13
 	fi
 	if [[ "$version" == "13" ]]; then
 		# Add columns number and status to adlist table
 		echo -e "  ${INFO} Upgrading gravity database from version 13 to 14"
-		sqlite3 "${database}" < "${scriptPath}/13_to_14.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/13_to_14.sql"
 		version=14
 	fi
+	if [[ "$version" == "14" ]]; then
+		# Changes the vw_adlist created in 5_to_6
+		echo -e "  ${INFO} Upgrading gravity database from version 14 to 15"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/14_to_15.sql"
+		version=15
+	fi
 }

advanced/Scripts/database_migration/gravity/11_to_12.sql

@@ -16,4 +16,4 @@ CREATE TRIGGER tr_group_zero AFTER DELETE ON "group"
 
 UPDATE info SET value = 12 WHERE property = 'version';
 
-COMMIT;
+COMMIT;

advanced/Scripts/database_migration/gravity/12_to_13.sql

@@ -15,4 +15,4 @@ CREATE TRIGGER tr_adlist_update AFTER UPDATE OF address,enabled,comment ON adlis
 
 UPDATE info SET value = 13 WHERE property = 'version';
 
-COMMIT;
+COMMIT;

advanced/Scripts/database_migration/gravity/13_to_14.sql

@@ -10,4 +10,4 @@ ALTER TABLE adlist ADD COLUMN status INTEGER NOT NULL DEFAULT 0;
 
 UPDATE info SET value = 14 WHERE property = 'version';
 
-COMMIT;
+COMMIT;

advanced/Scripts/database_migration/gravity/14_to_15.sql

@@ -0,0 +1,15 @@
+.timeout 30000
+
+PRAGMA FOREIGN_KEYS=OFF;
+
+BEGIN TRANSACTION;
+DROP VIEW vw_adlist;
+
+CREATE VIEW vw_adlist AS SELECT DISTINCT address, id
+    FROM adlist
+    WHERE enabled = 1
+    ORDER BY id;
+
+UPDATE info SET value = 15 WHERE property = 'version';
+
+COMMIT;

advanced/Scripts/database_migration/gravity/3_to_4.sql

@@ -93,4 +93,4 @@ CREATE VIEW vw_regex_blacklist AS SELECT domain, domainlist.id AS id, domainlist
 
 UPDATE info SET value = 4 WHERE property = 'version';
 
-COMMIT;
+COMMIT;

advanced/Scripts/database_migration/gravity/4_to_5.sql

@@ -35,4 +35,4 @@ CREATE TABLE client_by_group
 
 UPDATE info SET value = 5 WHERE property = 'version';
 
-COMMIT;
+COMMIT;

advanced/Scripts/list.sh

@@ -16,14 +16,14 @@ GRAVITYDB="${piholeDir}/gravity.db"
 # Source pihole-FTL from install script
 pihole_FTL="${piholeDir}/pihole-FTL.conf"
 if [[ -f "${pihole_FTL}" ]]; then
-  source "${pihole_FTL}"
+    source "${pihole_FTL}"
 fi
 
 # Set this only after sourcing pihole-FTL.conf as the gravity database path may
 # have changed
 gravityDBfile="${GRAVITYDB}"
 
-reload=false
+noReloadRequested=false
 addmode=true
 verbose=true
 wildcard=false
@@ -35,6 +35,7 @@ typeId=""
 comment=""
 declare -i domaincount
 domaincount=0
+reload=false
 
 colfile="/opt/pihole/COL_TABLE"
 source ${colfile}
@@ -90,7 +91,8 @@ Options:
   -q, --quiet         Make output less verbose
   -h, --help          Show this help dialog
   -l, --list          Display all your ${listname}listed domains
-  --nuke              Removes all entries in a list"
+  --nuke              Removes all entries in a list
+  --comment \"text\"    Add a comment to the domain. If adding multiple domains the same comment will be used for all"
 
   exit 0
 }
@@ -98,21 +100,29 @@ Options:
 ValidateDomain() {
     # Convert to lowercase
     domain="${1,,}"
+    local str validDomain
 
     # Check validity of domain (don't check for regex entries)
-    if [[ "${#domain}" -le 253 ]]; then
-        if [[ ( "${typeId}" == "${regex_blacklist}" || "${typeId}" == "${regex_whitelist}" ) && "${wildcard}" == false ]]; then
-            validDomain="${domain}"
-        else
+    if [[ ( "${typeId}" == "${regex_blacklist}" || "${typeId}" == "${regex_whitelist}" ) && "${wildcard}" == false ]]; then
+        validDomain="${domain}"
+    else
+        # Check max length
+        if [[ "${#domain}" -le 253 ]]; then
             validDomain=$(grep -P "^((-|_)*[a-z\\d]((-|_)*[a-z\\d])*(-|_)*)(\\.(-|_)*([a-z\\d]((-|_)*[a-z\\d])*))*$" <<< "${domain}") # Valid chars check
             validDomain=$(grep -P "^[^\\.]{1,63}(\\.[^\\.]{1,63})*$" <<< "${validDomain}") # Length of each label
+            # set error string
+            str="is not a valid argument or domain name!"
+        else
+            validDomain=
+            str="is too long!"
+
         fi
     fi
 
     if [[ -n "${validDomain}" ]]; then
         domList=("${domList[@]}" "${validDomain}")
     else
-        echo -e "  ${CROSS} ${domain} is not a valid argument or domain name!"
+        echo -e "  ${CROSS} ${domain} ${str}"
     fi
 
     domaincount=$((domaincount+1))
@@ -132,7 +142,7 @@ ProcessDomainList() {
         else
             RemoveDomain "${dom}"
         fi
-  done
+    done
 }
 
 AddDomain() {
@@ -140,23 +150,23 @@ AddDomain() {
     domain="$1"
 
     # Is the domain in the list we want to add it to?
-    num="$(sqlite3 "${gravityDBfile}" "SELECT COUNT(*) FROM domainlist WHERE domain = '${domain}';")"
+    num="$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT COUNT(*) FROM domainlist WHERE domain = '${domain}';")"
     requestedListname="$(GetListnameFromTypeId "${typeId}")"
 
     if [[ "${num}" -ne 0 ]]; then
-      existingTypeId="$(sqlite3 "${gravityDBfile}" "SELECT type FROM domainlist WHERE domain = '${domain}';")"
-      if [[ "${existingTypeId}" == "${typeId}" ]]; then
-        if [[ "${verbose}" == true ]]; then
-            echo -e "  ${INFO} ${1} already exists in ${requestedListname}, no need to add!"
+        existingTypeId="$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT type FROM domainlist WHERE domain = '${domain}';")"
+        if [[ "${existingTypeId}" == "${typeId}" ]]; then
+            if [[ "${verbose}" == true ]]; then
+                echo -e "  ${INFO} ${1} already exists in ${requestedListname}, no need to add!"
+            fi
+        else
+            existingListname="$(GetListnameFromTypeId "${existingTypeId}")"
+            pihole-FTL sqlite3 "${gravityDBfile}" "UPDATE domainlist SET type = ${typeId} WHERE domain='${domain}';"
+            if [[ "${verbose}" == true ]]; then
+                echo -e "  ${INFO} ${1} already exists in ${existingListname}, it has been moved to ${requestedListname}!"
+            fi
         fi
-      else
-        existingListname="$(GetListnameFromTypeId "${existingTypeId}")"
-        sqlite3 "${gravityDBfile}" "UPDATE domainlist SET type = ${typeId} WHERE domain='${domain}';"
-        if [[ "${verbose}" == true ]]; then
-            echo -e "  ${INFO} ${1} already exists in ${existingListname}, it has been moved to ${requestedListname}!"
-        fi
-      fi
-      return
+        return
     fi
 
     # Domain not found in the table, add it!
@@ -167,10 +177,10 @@ AddDomain() {
     # Insert only the domain here. The enabled and date_added fields will be filled
     # with their default values (enabled = true, date_added = current timestamp)
     if [[ -z "${comment}" ]]; then
-        sqlite3 "${gravityDBfile}" "INSERT INTO domainlist (domain,type) VALUES ('${domain}',${typeId});"
+        pihole-FTL sqlite3 "${gravityDBfile}" "INSERT INTO domainlist (domain,type) VALUES ('${domain}',${typeId});"
     else
         # also add comment when variable has been set through the "--comment" option
-        sqlite3 "${gravityDBfile}" "INSERT INTO domainlist (domain,type,comment) VALUES ('${domain}',${typeId},'${comment}');"
+        pihole-FTL sqlite3 "${gravityDBfile}" "INSERT INTO domainlist (domain,type,comment) VALUES ('${domain}',${typeId},'${comment}');"
     fi
 }
 
@@ -179,15 +189,15 @@ RemoveDomain() {
     domain="$1"
 
     # Is the domain in the list we want to remove it from?
-    num="$(sqlite3 "${gravityDBfile}" "SELECT COUNT(*) FROM domainlist WHERE domain = '${domain}' AND type = ${typeId};")"
+    num="$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT COUNT(*) FROM domainlist WHERE domain = '${domain}' AND type = ${typeId};")"
 
     requestedListname="$(GetListnameFromTypeId "${typeId}")"
 
     if [[ "${num}" -eq 0 ]]; then
-      if [[ "${verbose}" == true ]]; then
-          echo -e "  ${INFO} ${domain} does not exist in ${requestedListname}, no need to remove!"
-      fi
-      return
+        if [[ "${verbose}" == true ]]; then
+            echo -e "  ${INFO} ${domain} does not exist in ${requestedListname}, no need to remove!"
+        fi
+        return
     fi
 
     # Domain found in the table, remove it!
@@ -196,14 +206,14 @@ RemoveDomain() {
     fi
     reload=true
     # Remove it from the current list
-    sqlite3 "${gravityDBfile}" "DELETE FROM domainlist WHERE domain = '${domain}' AND type = ${typeId};"
+    pihole-FTL sqlite3 "${gravityDBfile}" "DELETE FROM domainlist WHERE domain = '${domain}' AND type = ${typeId};"
 }
 
 Displaylist() {
     local count num_pipes domain enabled status nicedate requestedListname
 
     requestedListname="$(GetListnameFromTypeId "${typeId}")"
-    data="$(sqlite3 "${gravityDBfile}" "SELECT domain,enabled,date_modified FROM domainlist WHERE type = ${typeId};" 2> /dev/null)"
+    data="$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT domain,enabled,date_modified FROM domainlist WHERE type = ${typeId};" 2> /dev/null)"
 
     if [[ -z $data ]]; then
         echo -e "Not showing empty list"
@@ -241,22 +251,22 @@ Displaylist() {
 }
 
 NukeList() {
-    count=$(sqlite3 "${gravityDBfile}" "SELECT COUNT(1) FROM domainlist WHERE type = ${typeId};")
-    listname="$(GetListnameFromTypeId "${typeId}")"    
+    count=$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT COUNT(1) FROM domainlist WHERE type = ${typeId};")
+    listname="$(GetListnameFromTypeId "${typeId}")"
     if [ "$count" -gt 0 ];then
-        sqlite3 "${gravityDBfile}" "DELETE FROM domainlist WHERE type = ${typeId};"
+        pihole-FTL sqlite3 "${gravityDBfile}" "DELETE FROM domainlist WHERE type = ${typeId};"
         echo "  ${TICK} Removed ${count} domain(s) from the ${listname}"
     else
         echo "  ${INFO} ${listname} already empty. Nothing to do!"
-    fi    
+    fi
     exit 0;
 }
 
 GetComment() {
     comment="$1"
     if [[ "${comment}" =~ [^a-zA-Z0-9_\#:/\.,\ -] ]]; then
-      echo "  ${CROSS} Found invalid characters in domain comment!"
-      exit
+        echo "  ${CROSS} Found invalid characters in domain comment!"
+        exit
     fi
 }
 
@@ -268,7 +278,7 @@ while (( "$#" )); do
         "--white-wild" | "white-wild" ) typeId=2; wildcard=true;;
         "--wild" | "wildcard" ) typeId=3; wildcard=true;;
         "--regex" | "regex"   ) typeId=3;;
-        "-nr"| "--noreload"  ) reload=false;;
+        "-nr"| "--noreload"  ) noReloadRequested=true;;
         "-d" | "--delmode"   ) addmode=false;;
         "-q" | "--quiet"     ) verbose=false;;
         "-h" | "--help"      ) helpFunc;;
@@ -291,9 +301,9 @@ ProcessDomainList
 
 # Used on web interface
 if $web; then
-echo "DONE"
+    echo "DONE"
 fi
 
-if [[ "${reload}" != false ]]; then
+if [[ ${reload} == true && ${noReloadRequested} == false ]]; then
     pihole restartdns reload-lists
 fi

advanced/Scripts/piholeARPTable.sh

@@ -39,7 +39,7 @@ flushARP(){
     # Truncate network_addresses table in pihole-FTL.db
     # This needs to be done before we can truncate the network table due to
     # foreign key constraints
-    if ! output=$(sqlite3 "${DBFILE}" "DELETE FROM network_addresses" 2>&1); then
+    if ! output=$(pihole-FTL sqlite3 "${DBFILE}" "DELETE FROM network_addresses" 2>&1); then
         echo -e "${OVER}  ${CROSS} Failed to truncate network_addresses table"
         echo "  Database location: ${DBFILE}"
         echo "  Output: ${output}"
@@ -47,7 +47,7 @@ flushARP(){
     fi
 
     # Truncate network table in pihole-FTL.db
-    if ! output=$(sqlite3 "${DBFILE}" "DELETE FROM network" 2>&1); then
+    if ! output=$(pihole-FTL sqlite3 "${DBFILE}" "DELETE FROM network" 2>&1); then
         echo -e "${OVER}  ${CROSS} Failed to truncate network table"
         echo "  Database location: ${DBFILE}"
         echo "  Output: ${output}"

advanced/Scripts/piholeCheckout.sh

@@ -9,7 +9,7 @@
 # Please see LICENSE file for your rights under this license.
 
 readonly PI_HOLE_FILES_DIR="/etc/.pihole"
-PH_TEST="true"
+SKIP_INSTALL="true"
 source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
 
 # webInterfaceGitUrl set in basic-install.sh
@@ -164,17 +164,24 @@ checkout() {
             exit 1
         fi
         checkout_pull_branch "${webInterfaceDir}" "${2}"
+        # Update local and remote versions via updatechecker
+        /opt/pihole/updatecheck.sh
     elif [[ "${1}" == "ftl" ]] ; then
         local path
+        local oldbranch
         path="${2}/${binary}"
+        oldbranch="$(pihole-FTL -b)"
 
         if check_download_exists "$path"; then
             echo "  ${TICK} Branch ${2} exists"
             echo "${2}" > /etc/pihole/ftlbranch
             chmod 644 /etc/pihole/ftlbranch
+            echo -e "  ${INFO} Switching to branch: \"${2}\" from \"${oldbranch}\""
             FTLinstall "${binary}"
             restart_service pihole-FTL
             enable_service pihole-FTL
+            # Update local and remote versions via updatechecker
+            /opt/pihole/updatecheck.sh
         else
             echo "  ${CROSS} Requested branch \"${2}\" is not available"
             ftlbranches=( $(git ls-remote https://github.com/pi-hole/ftl | grep 'heads' | sed 's/refs\/heads\///;s/ //g' | awk '{print $2}') )

advanced/Scripts/piholeLogFlush.sh

@@ -11,6 +11,11 @@
 colfile="/opt/pihole/COL_TABLE"
 source ${colfile}
 
+# In case we're running at the same time as a system logrotate, use a
+# separate logrotate state file to prevent stepping on each other's
+# toes.
+STATEFILE="/var/lib/logrotate/pihole"
+
 # Determine database location
 # Obtain DBFILE=... setting from pihole-FTL.db
 # Constructed to return nothing when
@@ -26,45 +31,45 @@ if [ -z "$DBFILE" ]; then
 fi
 
 if [[ "$@" != *"quiet"* ]]; then
-    echo -ne "  ${INFO} Flushing /var/log/pihole.log ..."
+    echo -ne "  ${INFO} Flushing /var/log/pihole/pihole.log ..."
 fi
 if [[ "$@" == *"once"* ]]; then
     # Nightly logrotation
     if command -v /usr/sbin/logrotate >/dev/null; then
         # Logrotate once
-        /usr/sbin/logrotate --force /etc/pihole/logrotate
+        /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate
     else
         # Copy pihole.log over to pihole.log.1
         # and empty out pihole.log
         # Note that moving the file is not an option, as
         # dnsmasq would happily continue writing into the
         # moved file (it will have the same file handler)
-        cp -p /var/log/pihole.log /var/log/pihole.log.1
-        echo " " > /var/log/pihole.log
-        chmod 644 /var/log/pihole.log
+        cp -p /var/log/pihole/pihole.log /var/log/pihole/pihole.log.1
+        echo " " > /var/log/pihole/pihole.log
+        chmod 640 /var/log/pihole/pihole.log
     fi
 else
     # Manual flushing
     if command -v /usr/sbin/logrotate >/dev/null; then
         # Logrotate twice to move all data out of sight of FTL
-        /usr/sbin/logrotate --force /etc/pihole/logrotate; sleep 3
-        /usr/sbin/logrotate --force /etc/pihole/logrotate
+        /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate; sleep 3
+        /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate
     else
         # Flush both pihole.log and pihole.log.1 (if existing)
-        echo " " > /var/log/pihole.log
-        if [ -f /var/log/pihole.log.1 ]; then
-            echo " " > /var/log/pihole.log.1
-            chmod 644 /var/log/pihole.log.1
+        echo " " > /var/log/pihole/pihole.log
+        if [ -f /var/log/pihole/pihole.log.1 ]; then
+            echo " " > /var/log/pihole/pihole.log.1
+            chmod 640 /var/log/pihole/pihole.log.1
         fi
     fi
     # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
-    deleted=$(sqlite3 "${DBFILE}" "DELETE FROM queries WHERE timestamp >= strftime('%s','now')-86400; select changes() from queries limit 1")
+    deleted=$(pihole-FTL sqlite3 "${DBFILE}" "DELETE FROM query_storage WHERE timestamp >= strftime('%s','now')-86400; select changes() from query_storage limit 1")
 
     # Restart pihole-FTL to force reloading history
     sudo pihole restartdns
 fi
 
 if [[ "$@" != *"quiet"* ]]; then
-    echo -e "${OVER}  ${TICK} Flushed /var/log/pihole.log"
+    echo -e "${OVER}  ${TICK} Flushed /var/log/pihole/pihole.log"
     echo -e "  ${TICK} Deleted ${deleted} queries from database"
 fi

advanced/Scripts/query.sh

@@ -16,12 +16,11 @@ GRAVITYDB="${piholeDir}/gravity.db"
 options="$*"
 all=""
 exact=""
-blockpage=""
 matchType="match"
 # Source pihole-FTL from install script
 pihole_FTL="${piholeDir}/pihole-FTL.conf"
 if [[ -f "${pihole_FTL}" ]]; then
-  source "${pihole_FTL}"
+    source "${pihole_FTL}"
 fi
 
 # Set this only after sourcing pihole-FTL.conf as the gravity database path may
@@ -31,10 +30,49 @@ gravityDBfile="${GRAVITYDB}"
 colfile="/opt/pihole/COL_TABLE"
 source "${colfile}"
 
+if [[ "${options}" == "-h" ]] || [[ "${options}" == "--help" ]]; then
+    echo "Usage: pihole -q [option] <domain>
+Example: 'pihole -q -exact domain.com'
+Query the adlists for a specified domain
+
+Options:
+  -exact              Search the adlists for exact domain matches
+  -all                Return all query matches within the adlists
+  -h, --help          Show this help dialog"
+  exit 0
+fi
+
+# Handle valid options
+[[ "${options}" == *"-all"* ]] && all=true
+if [[ "${options}" == *"-exact"* ]]; then
+    exact="exact"; matchType="exact ${matchType}"
+fi
+
+# Strip valid options, leaving only the domain and invalid options
+# This allows users to place the options before or after the domain
+options=$(sed -E 's/ ?-(all|exact) ?//g' <<< "${options}")
+
+# Handle remaining options
+# If $options contain non ASCII characters, convert to punycode
+case "${options}" in
+    ""             ) str="No domain specified";;
+    *" "*          ) str="Unknown query option specified";;
+    *[![:ascii:]]* ) rawDomainQuery=$(idn2 "${options}");;
+    *              ) rawDomainQuery="${options}";;
+esac
+
+# convert the domain to lowercase
+domainQuery=$(echo "${rawDomainQuery}" | tr '[:upper:]' '[:lower:]')
+
+if [[ -n "${str:-}" ]]; then
+    echo -e "${str}${COL_NC}\\nTry 'pihole -q --help' for more information."
+    exit 1
+fi
+
 # Scan an array of files for matching strings
 scanList(){
     # Escape full stops
-    local domain="${1}" esc_domain="${1//./\\.}" lists="${2}" type="${3:-}"
+    local domain="${1}" esc_domain="${1//./\\.}" lists="${2}" list_type="${3:-}"
 
     # Prevent grep from printing file path
     cd "$piholeDir" || exit 1
@@ -43,112 +81,91 @@ scanList(){
     export LC_CTYPE=C
 
     # /dev/null forces filename to be printed when only one list has been generated
-    case "${type}" in
-        "exact" ) grep -i -E -l "(^|(?<!#)\\s)${esc_domain}($|\\s|#)" ${lists} /dev/null 2>/dev/null;;
+    case "${list_type}" in
+        "exact" ) grep -i -E -l "(^|(?<!#)\\s)${esc_domain}($|\\s|#)" "${lists}" /dev/null 2>/dev/null;;
         # Iterate through each regexp and check whether it matches the domainQuery
         # If it does, print the matching regexp and continue looping
         # Input 1 - regexps | Input 2 - domainQuery
-        "regex" ) 
+        "regex" )
             for list in ${lists}; do
                 if [[ "${domain}" =~ ${list} ]]; then
                     printf "%b\n" "${list}";
                 fi
             done;;
-        *       ) grep -i "${esc_domain}" ${lists} /dev/null 2>/dev/null;;
+        *       ) grep -i "${esc_domain}" "${lists}" /dev/null 2>/dev/null;;
     esac
 }
 
-if [[ "${options}" == "-h" ]] || [[ "${options}" == "--help" ]]; then
-    echo "Usage: pihole -q [option] <domain>
-Example: 'pihole -q -exact domain.com'
-Query the adlists for a specified domain
-
-Options:
-  -exact              Search the block lists for exact domain matches
-  -all                Return all query matches within a block list
-  -h, --help          Show this help dialog"
-  exit 0
-fi
-
-# Handle valid options
-if [[ "${options}" == *"-bp"* ]]; then
-    exact="exact"; blockpage=true
-else
-    [[ "${options}" == *"-all"* ]] && all=true
-    if [[ "${options}" == *"-exact"* ]]; then
-        exact="exact"; matchType="exact ${matchType}"
-    fi
-fi
-
-# Strip valid options, leaving only the domain and invalid options
-# This allows users to place the options before or after the domain
-options=$(sed -E 's/ ?-(bp|adlists?|all|exact) ?//g' <<< "${options}")
-
-# Handle remaining options
-# If $options contain non ASCII characters, convert to punycode
-case "${options}" in
-    ""             ) str="No domain specified";;
-    *" "*          ) str="Unknown query option specified";;
-    *[![:ascii:]]* ) domainQuery=$(idn2 "${options}");;
-    *              ) domainQuery="${options}";;
-esac
-
-if [[ -n "${str:-}" ]]; then
-    echo -e "${str}${COL_NC}\\nTry 'pihole -q --help' for more information."
-    exit 1
-fi
-
 scanDatabaseTable() {
-    local domain table type querystr result extra
+    local domain table list_type querystr result extra abpquerystr abpfound abpentry searchstr
     domain="$(printf "%q" "${1}")"
     table="${2}"
-    type="${3:-}"
+    list_type="${3:-}"
 
     # As underscores are legitimate parts of domains, we escape them when using the LIKE operator.
     # Underscores are SQLite wildcards matching exactly one character. We obviously want to suppress this
     # behavior. The "ESCAPE '\'" clause specifies that an underscore preceded by an '\' should be matched
     # as a literal underscore character. We pretreat the $domain variable accordingly to escape underscores.
     if [[ "${table}" == "gravity" ]]; then
-      case "${exact}" in
-          "exact" ) querystr="SELECT gravity.domain,adlist.address,adlist.enabled FROM gravity LEFT JOIN adlist ON adlist.id = gravity.adlist_id WHERE domain = '${domain}'";;
-          *       ) querystr="SELECT gravity.domain,adlist.address,adlist.enabled FROM gravity LEFT JOIN adlist ON adlist.id = gravity.adlist_id WHERE domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";;
-      esac
+
+        # Are there ABP entries on gravity?
+        # Return 1 if abp_domain=1 or Zero if abp_domain=0 or not set
+        abpquerystr="SELECT EXISTS (SELECT 1 FROM info WHERE property='abp_domains' and value='1')"
+        abpfound="$(pihole-FTL sqlite3 "${gravityDBfile}" "${abpquerystr}")" 2> /dev/null
+
+        # Create search string for ABP entries only if needed
+        if [ "${abpfound}" -eq 1 ]; then
+            abpentry="${domain}"
+
+            searchstr="'||${abpentry}^'"
+
+            # While a dot is found ...
+            while [ "${abpentry}" != "${abpentry/./}" ]
+            do
+                # ... remove text before the dot (including the dot) and append the result to $searchstr
+                abpentry=$(echo "${abpentry}" | cut -f 2- -d '.')
+                searchstr="$searchstr, '||${abpentry}^'"
+            done
+
+            # The final search string will look like:
+            # "domain IN ('||sub2.sub1.domain.com^', '||sub1.domain.com^', '||domain.com^', '||com^') OR"
+            searchstr="domain IN (${searchstr}) OR "
+        fi
+
+        case "${exact}" in
+            "exact" ) querystr="SELECT gravity.domain,adlist.address,adlist.enabled FROM gravity LEFT JOIN adlist ON adlist.id = gravity.adlist_id WHERE domain = '${domain}'";;
+            *       ) querystr="SELECT gravity.domain,adlist.address,adlist.enabled FROM gravity LEFT JOIN adlist ON adlist.id = gravity.adlist_id WHERE ${searchstr} domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";;
+        esac
     else
-      case "${exact}" in
-          "exact" ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${type}' AND domain = '${domain}'";;
-          *       ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${type}' AND domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";;
-      esac
+        case "${exact}" in
+            "exact" ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${list_type}' AND domain = '${domain}'";;
+            *       ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${list_type}' AND domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";;
+        esac
     fi
 
     # Send prepared query to gravity database
-    result="$(sqlite3 "${gravityDBfile}" "${querystr}")" 2> /dev/null
+    result="$(pihole-FTL sqlite3 -separator ',' "${gravityDBfile}" "${querystr}")" 2> /dev/null
     if [[ -z "${result}" ]]; then
         # Return early when there are no matches in this table
         return
     fi
 
     if [[ "${table}" == "gravity" ]]; then
-      echo "${result}"
-      return
+        echo "${result}"
+        return
     fi
 
     # Mark domain as having been white-/blacklist matched (global variable)
     wbMatch=true
 
     # Print table name
-    if [[ -z "${blockpage}" ]]; then
-        echo " ${matchType^} found in ${COL_BOLD}exact ${table}${COL_NC}"
-    fi
+    echo " ${matchType^} found in ${COL_BOLD}exact ${table}${COL_NC}"
 
     # Loop over results and print them
     mapfile -t results <<< "${result}"
     for result in "${results[@]}"; do
-        if [[ -n "${blockpage}" ]]; then
-            echo "π ${result}"
-            exit 0
-        fi
-        domain="${result/|*}"
-        if [[ "${result#*|}" == "0" ]]; then
+        domain="${result/,*}"
+        if [[ "${result#*,}" == "0" ]]; then
             extra=" (disabled)"
         else
             extra=""
@@ -158,13 +175,13 @@ scanDatabaseTable() {
 }
 
 scanRegexDatabaseTable() {
-    local domain list
+    local domain list list_type
     domain="${1}"
     list="${2}"
-    type="${3:-}"
+    list_type="${3:-}"
 
     # Query all regex from the corresponding database tables
-    mapfile -t regexList < <(sqlite3 "${gravityDBfile}" "SELECT domain FROM domainlist WHERE type = ${type}" 2> /dev/null)
+    mapfile -t regexList < <(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT domain FROM domainlist WHERE type = ${list_type}" 2> /dev/null)
 
     # If we have regexps to process
     if [[ "${#regexList[@]}" -ne 0 ]]; then
@@ -181,18 +198,13 @@ scanRegexDatabaseTable() {
             # Form a "results" message
             str_result="${COL_BOLD}${str_regexMatches}${COL_NC}"
             # If we are displaying more than just the source of the block
-            if [[ -z "${blockpage}" ]]; then
-                # Set the wildcard match flag
-                wcMatch=true
-                # Echo the "matched" message, indented by one space
-                echo " ${str_message}"
-                # Echo the "results" message, each line indented by three spaces
-                # shellcheck disable=SC2001
-                echo "${str_result}" | sed 's/^/   /'
-            else
-                echo "π .wildcard"
-                exit 0
-            fi
+            # Set the wildcard match flag
+            wcMatch=true
+            # Echo the "matched" message, indented by one space
+            echo " ${str_message}"
+            # Echo the "results" message, each line indented by three spaces
+            # shellcheck disable=SC2001
+            echo "${str_result}" | sed 's/^/   /'
         fi
     fi
 }
@@ -210,7 +222,7 @@ mapfile -t results <<< "$(scanDatabaseTable "${domainQuery}" "gravity")"
 
 # Handle notices
 if [[ -z "${wbMatch:-}" ]] && [[ -z "${wcMatch:-}" ]] && [[ -z "${results[*]}" ]]; then
-    echo -e "  ${INFO} No ${exact/t/t }results found for ${COL_BOLD}${domainQuery}${COL_NC} within the block lists"
+    echo -e "  ${INFO} No ${exact/t/t }results found for ${COL_BOLD}${domainQuery}${COL_NC} within the adlists"
     exit 0
 elif [[ -z "${results[*]}" ]]; then
     # Result found in WL/BL/Wildcards
@@ -222,26 +234,24 @@ elif [[ -z "${all}" ]] && [[ "${#results[*]}" -ge 100 ]]; then
 fi
 
 # Print "Exact matches for" title
-if [[ -n "${exact}" ]] && [[ -z "${blockpage}" ]]; then
+if [[ -n "${exact}" ]]; then
     plural=""; [[ "${#results[*]}" -gt 1 ]] && plural="es"
     echo " ${matchType^}${plural} for ${COL_BOLD}${domainQuery}${COL_NC} found in:"
 fi
 
 for result in "${results[@]}"; do
-    match="${result/|*/}"
-    extra="${result#*|}"
-    adlistAddress="${extra/|*/}"
-    extra="${extra#*|}"
+    match="${result/,*/}"
+    extra="${result#*,}"
+    adlistAddress="${extra/,*/}"
+    extra="${extra#*,}"
     if [[ "${extra}" == "0" ]]; then
-      extra="(disabled)"
+        extra=" (disabled)"
     else
-      extra=""
+        extra=""
     fi
 
-    if [[ -n "${blockpage}" ]]; then
-        echo "0 ${adlistAddress}"
-    elif [[ -n "${exact}" ]]; then
-        echo "  - ${adlistAddress} ${extra}"
+    if [[ -n "${exact}" ]]; then
+        echo "  - ${adlistAddress}${extra}"
     else
         if [[ ! "${adlistAddress}" == "${adlistAddress_prev:-}" ]]; then
             count=""
@@ -256,7 +266,7 @@ for result in "${results[@]}"; do
             [[ "${count}" -gt "${max_count}" ]] && continue
             echo "   ${COL_GRAY}Over ${count} results found, skipping rest of file${COL_NC}"
         else
-            echo "   ${match} ${extra}"
+            echo "   ${match}${extra}"
         fi
     fi
 done

advanced/Scripts/setupLCD.sh

@@ -1,74 +0,0 @@
-#!/usr/bin/env bash
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# Automatically configures the Pi to use the 2.8 LCD screen to display stats on it (also works over ssh)
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-
-
-############ FUNCTIONS ###########
-
-# Borrowed from adafruit-pitft-helper < borrowed from raspi-config
-# https://github.com/adafruit/Adafruit-PiTFT-Helper/blob/master/adafruit-pitft-helper#L324-L334
-getInitSys() {
-    if command -v systemctl > /dev/null && systemctl | grep -q '\-\.mount'; then
-        SYSTEMD=1
-    elif [ -f /etc/init.d/cron ] && [ ! -h /etc/init.d/cron ]; then
-        SYSTEMD=0
-    else
-        echo "Unrecognized init system"
-        return 1
-    fi
-}
-
-# Borrowed from adafruit-pitft-helper:
-# https://github.com/adafruit/Adafruit-PiTFT-Helper/blob/master/adafruit-pitft-helper#L274-L285
-autoLoginPiToConsole() {
-    if [ -e /etc/init.d/lightdm ]; then
-        if [ ${SYSTEMD} -eq 1 ]; then
-            systemctl set-default multi-user.target
-            ln -fs /etc/systemd/system/autologin@.service /etc/systemd/system/getty.target.wants/getty@tty1.service
-        else
-            update-rc.d lightdm disable 2
-            sed /etc/inittab -i -e "s/1:2345:respawn:\/sbin\/getty --noclear 38400 tty1/1:2345:respawn:\/bin\/login -f pi tty1 <\/dev\/tty1 >\/dev\/tty1 2>&1/"
-        fi
-    fi
-}
-
-######### SCRIPT ###########
-# Set pi to log in automatically
-getInitSys
-autoLoginPiToConsole
-
-# Set chronomter to run automatically when pi logs in
-echo /usr/local/bin/chronometer.sh >> /home/pi/.bashrc
-# OR
-#$SUDO echo /usr/local/bin/chronometer.sh >> /etc/profile
-
-# Set up the LCD screen based on Adafruits instuctions:
-# https://learn.adafruit.com/adafruit-pitft-28-inch-resistive-touchscreen-display-raspberry-pi/easy-install
-curl -SLs https://apt.adafruit.com/add-pin | bash
-apt-get -y install raspberrypi-bootloader
-apt-get -y install adafruit-pitft-helper
-adafruit-pitft-helper -t 28r
-
-# Download the cmdline.txt file that prevents the screen from going blank after a period of time
-mv /boot/cmdline.txt /boot/cmdline.orig
-curl -o /boot/cmdline.txt https://raw.githubusercontent.com/pi-hole/pi-hole/master/advanced/cmdline.txt
-
-# Back up the original file and download the new one
-mv /etc/default/console-setup /etc/default/console-setup.orig
-curl -o /etc/default/console-setup https://raw.githubusercontent.com/pi-hole/pi-hole/master/advanced/console-setup
-
-# Instantly apply the font change to the LCD screen
-setupcon
-
-reboot
-
-# Start showing the stats on the screen by running the command on another tty:
-# https://unix.stackexchange.com/questions/170063/start-a-process-on-a-different-tty
-#setsid sh -c 'exec /usr/local/bin/chronometer.sh <> /dev/tty1 >&0 2>&1'

advanced/Scripts/update.sh

@@ -17,7 +17,7 @@ readonly PI_HOLE_GIT_URL="https://github.com/pi-hole/pi-hole.git"
 readonly PI_HOLE_FILES_DIR="/etc/.pihole"
 
 # shellcheck disable=SC2034
-PH_TEST=true
+SKIP_INSTALL=true
 
 # when --check-only is passed to this script, it will not perform the actual update
 CHECK_ONLY=false
@@ -35,6 +35,7 @@ source "/opt/pihole/COL_TABLE"
 
 GitCheckUpdateAvail() {
     local directory
+    local curBranch
     directory="${1}"
     curdir=$PWD
     cd "${directory}" || return
@@ -42,18 +43,29 @@ GitCheckUpdateAvail() {
     # Fetch latest changes in this repo
     git fetch --quiet origin
 
-    # @ alone is a shortcut for HEAD. Older versions of git
-    # need @{0}
-    LOCAL="$(git rev-parse "@{0}")"
+    # Check current branch. If it is master, then check for the latest available tag instead of latest commit.
+    curBranch=$(git rev-parse --abbrev-ref HEAD)
+    if [[ "${curBranch}" == "master" ]]; then
+        # get the latest local tag
+        LOCAL=$(git describe --abbrev=0 --tags master)
+        # get the latest tag from remote
+        REMOTE=$(git describe --abbrev=0 --tags origin/master)
+
+    else
+        # @ alone is a shortcut for HEAD. Older versions of git
+        # need @{0}
+        LOCAL="$(git rev-parse "@{0}")"
+
+        # The suffix @{upstream} to a branchname
+        # (short form <branchname>@{u}) refers
+        # to the branch that the branch specified
+        # by branchname is set to build on top of#
+        # (configured with branch.<name>.remote and
+        # branch.<name>.merge). A missing branchname
+        # defaults to the current one.
+        REMOTE="$(git rev-parse "@{upstream}")"
+    fi
 
-    # The suffix @{upstream} to a branchname
-    # (short form <branchname>@{u}) refers
-    # to the branch that the branch specified
-    # by branchname is set to build on top of#
-    # (configured with branch.<name>.remote and
-    # branch.<name>.merge). A missing branchname
-    # defaults to the current one.
-    REMOTE="$(git rev-parse "@{upstream}")"
 
     if [[ "${#LOCAL}" == 0 ]]; then
         echo -e "\\n  ${COL_LIGHT_RED}Error: Local revision could not be obtained, please contact Pi-hole Support"
@@ -95,6 +107,10 @@ main() {
     # shellcheck disable=1090,2154
     source "${setupVars}"
 
+    # Install packages used by this installation script (necessary if users have removed e.g. git from their systems)
+    package_manager_detect
+    install_dependent_packages "${INSTALLER_DEPS[@]}"
+
     # This is unlikely
     if ! is_repo "${PI_HOLE_FILES_DIR}" ; then
         echo -e "\\n  ${COL_LIGHT_RED}Error: Core Pi-hole repo is missing from system!"
@@ -196,13 +212,12 @@ main() {
 
     if [[ "${FTL_update}" == true || "${core_update}" == true ]]; then
         ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || \
-        echo -e "${basicError}" && exit 1
+            echo -e "${basicError}" && exit 1
     fi
 
     if [[ "${FTL_update}" == true || "${core_update}" == true || "${web_update}" == true ]]; then
-        # Force an update of the updatechecker
+        # Update local and remote versions via updatechecker
         /opt/pihole/updatecheck.sh
-        /opt/pihole/updatecheck.sh x remote
         echo -e "  ${INFO} Local version file information updated."
     fi
 

advanced/Scripts/updatecheck.sh

@@ -8,23 +8,6 @@
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 
-# Credit: https://stackoverflow.com/a/46324904
-function json_extract() {
-    local key=$1
-    local json=$2
-
-    local string_regex='"([^"\]|\\.)*"'
-    local number_regex='-?(0|[1-9][0-9]*)(\.[0-9]+)?([eE][+-]?[0-9]+)?'
-    local value_regex="${string_regex}|${number_regex}|true|false|null"
-    local pair_regex="\"${key}\"[[:space:]]*:[[:space:]]*(${value_regex})"
-
-    if [[ ${json} =~ ${pair_regex} ]]; then
-        echo $(sed 's/^"\|"$//g' <<< "${BASH_REMATCH[1]}")
-    else
-        return 1
-    fi
-}
-
 function get_local_branch() {
     # Return active branch
     cd "${1}" 2> /dev/null || return 1
@@ -32,63 +15,119 @@ function get_local_branch() {
 }
 
 function get_local_version() {
-    # Return active branch
+    # Return active version
     cd "${1}" 2> /dev/null || return 1
-    git describe --long --dirty --tags 2> /dev/null || return 1
+    git describe --tags --always 2> /dev/null || return 1
+}
+
+function get_local_hash() {
+    cd "${1}" 2> /dev/null || return 1
+    git rev-parse --short=8 HEAD || return 1
+}
+
+function get_remote_version() {
+    curl -s "https://api.github.com/repos/pi-hole/${1}/releases/latest" 2> /dev/null | jq --raw-output .tag_name || return 1
+}
+
+
+function get_remote_hash(){
+    git ls-remote "https://github.com/pi-hole/${1}" --tags "${2}" | awk '{print substr($0, 0,8);}' || return 1
 }
 
 # Source the setupvars config file
 # shellcheck disable=SC1091
 . /etc/pihole/setupVars.conf
 
-if [[ "$2" == "remote" ]]; then
+# Source the utils file for addOrEditKeyValPair()
+# shellcheck disable=SC1091
+. /opt/pihole/utils.sh
 
-    if [[ "$3" == "reboot" ]]; then
+# Remove the below three legacy files if they exist
+rm -f "/etc/pihole/GitHubVersions"
+rm -f "/etc/pihole/localbranches"
+rm -f "/etc/pihole/localversions"
+
+# Create new versions file if it does not exist
+VERSION_FILE="/etc/pihole/versions"
+touch "${VERSION_FILE}"
+chmod 644 "${VERSION_FILE}"
+
+# if /pihole.docker.tag file exists, we will use it's value later in this script
+DOCKER_TAG=$(cat /pihole.docker.tag 2>/dev/null)
+regex='^([0-9]+\.){1,2}(\*|[0-9]+)(-.*)?$|(^nightly$)|(^dev.*$)'
+if [[ ! "${DOCKER_TAG}" =~ $regex ]]; then
+  # DOCKER_TAG does not match the pattern (see https://regex101.com/r/RsENuz/1), so unset it.
+  unset DOCKER_TAG
+fi
+
+# used in cronjob
+if [[ "$1" == "reboot" ]]; then
         sleep 30
-    fi
+fi
 
-    GITHUB_VERSION_FILE="/etc/pihole/GitHubVersions"
 
-    GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")"
-    echo -n "${GITHUB_CORE_VERSION}" > "${GITHUB_VERSION_FILE}"
-    chmod 644 "${GITHUB_VERSION_FILE}"
+# get Core versions
 
-    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
-        GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")"
-        echo -n " ${GITHUB_WEB_VERSION}" >> "${GITHUB_VERSION_FILE}"
-    fi
+CORE_VERSION="$(get_local_version /etc/.pihole)"
+addOrEditKeyValPair "${VERSION_FILE}" "CORE_VERSION" "${CORE_VERSION}"
 
-    GITHUB_FTL_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/FTL/releases/latest' 2> /dev/null)")"
-    echo -n " ${GITHUB_FTL_VERSION}" >> "${GITHUB_VERSION_FILE}"
+CORE_BRANCH="$(get_local_branch /etc/.pihole)"
+addOrEditKeyValPair "${VERSION_FILE}" "CORE_BRANCH" "${CORE_BRANCH}"
 
-else
+CORE_HASH="$(get_local_hash /etc/.pihole)"
+addOrEditKeyValPair "${VERSION_FILE}" "CORE_HASH" "${CORE_HASH}"
 
-    LOCAL_BRANCH_FILE="/etc/pihole/localbranches"
+GITHUB_CORE_VERSION="$(get_remote_version pi-hole)"
+addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_CORE_VERSION" "${GITHUB_CORE_VERSION}"
 
-    CORE_BRANCH="$(get_local_branch /etc/.pihole)"
-    echo -n "${CORE_BRANCH}" > "${LOCAL_BRANCH_FILE}"
-    chmod 644 "${LOCAL_BRANCH_FILE}"
+GITHUB_CORE_HASH="$(get_remote_hash pi-hole "${CORE_BRANCH}")"
+addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_CORE_HASH" "${GITHUB_CORE_HASH}"
 
-    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
-        WEB_BRANCH="$(get_local_branch /var/www/html/admin)"
-        echo -n " ${WEB_BRANCH}" >> "${LOCAL_BRANCH_FILE}"
-    fi
 
-    FTL_BRANCH="$(pihole-FTL branch)"
-    echo -n " ${FTL_BRANCH}" >> "${LOCAL_BRANCH_FILE}"
+# get Web versions
 
-    LOCAL_VERSION_FILE="/etc/pihole/localversions"
+if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
 
-    CORE_VERSION="$(get_local_version /etc/.pihole)"
-    echo -n "${CORE_VERSION}" > "${LOCAL_VERSION_FILE}"
-    chmod 644 "${LOCAL_VERSION_FILE}"
+    WEB_VERSION="$(get_local_version /var/www/html/admin)"
+    addOrEditKeyValPair "${VERSION_FILE}" "WEB_VERSION" "${WEB_VERSION}"
 
-    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
-        WEB_VERSION="$(get_local_version /var/www/html/admin)"
-        echo -n " ${WEB_VERSION}" >> "${LOCAL_VERSION_FILE}"
-    fi
+    WEB_BRANCH="$(get_local_branch /var/www/html/admin)"
+    addOrEditKeyValPair "${VERSION_FILE}" "WEB_BRANCH" "${WEB_BRANCH}"
 
-    FTL_VERSION="$(pihole-FTL version)"
-    echo -n " ${FTL_VERSION}" >> "${LOCAL_VERSION_FILE}"
+    WEB_HASH="$(get_local_hash /var/www/html/admin)"
+    addOrEditKeyValPair "${VERSION_FILE}" "WEB_HASH" "${WEB_HASH}"
+
+    GITHUB_WEB_VERSION="$(get_remote_version AdminLTE)"
+    addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_WEB_VERSION" "${GITHUB_WEB_VERSION}"
+
+    GITHUB_WEB_HASH="$(get_remote_hash AdminLTE "${WEB_BRANCH}")"
+    addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_WEB_HASH" "${GITHUB_WEB_HASH}"
 
 fi
+
+# get FTL versions
+
+FTL_VERSION="$(pihole-FTL version)"
+addOrEditKeyValPair "${VERSION_FILE}" "FTL_VERSION" "${FTL_VERSION}"
+
+FTL_BRANCH="$(pihole-FTL branch)"
+addOrEditKeyValPair "${VERSION_FILE}" "FTL_BRANCH" "${FTL_BRANCH}"
+
+FTL_HASH="$(pihole-FTL --hash)"
+addOrEditKeyValPair "${VERSION_FILE}" "FTL_HASH" "${FTL_HASH}"
+
+GITHUB_FTL_VERSION="$(get_remote_version FTL)"
+addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_FTL_VERSION" "${GITHUB_FTL_VERSION}"
+
+GITHUB_FTL_HASH="$(get_remote_hash FTL "${FTL_BRANCH}")"
+addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_FTL_HASH" "${GITHUB_FTL_HASH}"
+
+
+# get Docker versions
+
+if [[ "${DOCKER_TAG}" ]]; then
+    addOrEditKeyValPair "${VERSION_FILE}" "DOCKER_VERSION" "${DOCKER_TAG}"
+
+    GITHUB_DOCKER_VERSION="$(get_remote_version docker-pi-hole)"
+    addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_DOCKER_VERSION" "${GITHUB_DOCKER_VERSION}"
+fi

advanced/Scripts/utils.sh

@@ -0,0 +1,165 @@
+#!/usr/bin/env sh
+# shellcheck disable=SC3043 #https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions
+
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
+# Network-wide ad blocking via your own hardware.
+#
+# Script to hold utility functions for use in other scripts
+#
+# This file is copyright under the latest version of the EUPL.
+# Please see LICENSE file for your rights under this license.
+
+# Basic Housekeeping rules
+#  - Functions must be self contained
+#  - Functions should be grouped with other similar functions
+#  - Functions must be documented
+#  - New functions must have a test added for them in test/test_any_utils.py
+
+#######################
+# Takes Three arguments: file, key, and value.
+#
+# Checks the target file for the existence of the key
+#   - If it exists, it changes the value
+#   - If it does not exist, it adds the value
+#
+# Example usage:
+# addOrEditKeyValPair "/etc/pihole/setupVars.conf" "BLOCKING_ENABLED" "true"
+#######################
+addOrEditKeyValPair() {
+  local file="${1}"
+  local key="${2}"
+  local value="${3}"
+
+  # touch file to prevent grep error if file does not exist yet
+  touch "${file}"
+
+  if grep -q "^${key}=" "${file}"; then
+    # Key already exists in file, modify the value
+    sed -i "/^${key}=/c\\${key}=${value}" "${file}"
+  else
+    # Key does not already exist, add it and it's value
+    echo "${key}=${value}" >> "${file}"
+  fi
+}
+
+#######################
+# Takes two arguments: file and key.
+# Adds a key to target file
+#
+# Example usage:
+# addKey "/etc/dnsmasq.d/01-pihole.conf" "log-queries"
+#######################
+addKey(){
+  local file="${1}"
+  local key="${2}"
+
+  # touch file to prevent grep error if file does not exist yet
+  touch "${file}"
+
+  # Match key against entire line, using both anchors. We assume
+  # that the file's keys never have bounding whitespace. Anchors
+  # are necessary to ensure the key is considered absent when it
+  # is a substring of another key present in the file.
+  if ! grep -q "^${key}$" "${file}"; then
+    # Key does not exist, add it.
+    echo "${key}" >> "${file}"
+  fi
+}
+
+#######################
+# Takes two arguments: file and key.
+# Deletes a key or key/value pair from target file
+#
+# Example usage:
+# removeKey "/etc/pihole/setupVars.conf" "PIHOLE_DNS_1"
+#######################
+removeKey() {
+  local file="${1}"
+  local key="${2}"
+  sed -i "/^${key}/d" "${file}"
+}
+
+#######################
+# Takes two arguments: file and key.
+# Returns the value of a given key from target file
+# - ignores all commented lines
+# - only returns the first value if multiple identical keys exist
+#
+#
+# Example usage:
+# getVal "/etc/pihole/setupVars.conf" "PIHOLE_DNS_1"
+#######################
+getVal() {
+  local file="${1}"
+  local key="${2}"
+  local value
+  value=$(sed -e '/^[[:blank:]]*#/d' "${file}" | grep "${key}" | awk -F "=" 'NR==1{printf$2}')
+  printf "%s" "$value"
+}
+
+
+#######################
+# returns FTL's current telnet API port based on the setting in /etc/pihole-FTL.conf
+########################
+getFTLAPIPort(){
+    local FTLCONFFILE="/etc/pihole/pihole-FTL.conf"
+    local DEFAULT_FTL_PORT=4711
+    local ftl_api_port
+
+    if [ -s "$FTLCONFFILE" ]; then
+        # if FTLPORT is not set in pihole-FTL.conf, use the default port
+        ftl_api_port="$({ grep '^FTLPORT=' "${FTLCONFFILE}" || echo "${DEFAULT_FTL_PORT}"; } | cut -d'=' -f2-)"
+        # Exploit prevention: set the port to the default port if there is malicious (non-numeric)
+        # content set in pihole-FTL.conf
+        expr "${ftl_api_port}" : "[^[:digit:]]" > /dev/null && ftl_api_port="${DEFAULT_FTL_PORT}"
+    else
+        # if there is no pihole-FTL.conf, use the default port
+        ftl_api_port="${DEFAULT_FTL_PORT}"
+    fi
+
+    echo "${ftl_api_port}"
+}
+
+#######################
+# returns path of FTL's PID  file
+#######################
+getFTLPIDFile() {
+  local FTLCONFFILE="/etc/pihole/pihole-FTL.conf"
+  local DEFAULT_PID_FILE="/run/pihole-FTL.pid"
+  local FTL_PID_FILE
+
+  if [ -s "${FTLCONFFILE}" ]; then
+    # if PIDFILE is not set in pihole-FTL.conf, use the default path
+    FTL_PID_FILE="$({ grep '^PIDFILE=' "${FTLCONFFILE}" || echo "${DEFAULT_PID_FILE}"; } | cut -d'=' -f2-)"
+  else
+    # if there is no pihole-FTL.conf, use the default path
+    FTL_PID_FILE="${DEFAULT_PID_FILE}"
+  fi
+
+  echo "${FTL_PID_FILE}"
+}
+
+#######################
+# returns FTL's PID based on the content of the pihole-FTL.pid file
+#
+# Takes one argument: path to pihole-FTL.pid
+# Example getFTLPID "/run/pihole-FTL.pid"
+#######################
+getFTLPID() {
+    local FTL_PID_FILE="${1}"
+    local FTL_PID
+
+    if [ -s "${FTL_PID_FILE}" ]; then
+        # -s: FILE exists and has a size greater than zero
+        FTL_PID="$(cat "${FTL_PID_FILE}")"
+        # Exploit prevention: unset the variable if there is malicious content
+        # Verify that the value read from the file is numeric
+        expr "${FTL_PID}" : "[^[:digit:]]" > /dev/null && unset FTL_PID
+    fi
+
+    # If FTL is not running, or the PID file contains malicious stuff, substitute
+    # negative PID to signal this
+    FTL_PID=${FTL_PID:=-1}
+    echo  "${FTL_PID}"
+}

advanced/Scripts/version.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/usr/bin/env sh
 # Pi-hole: A black hole for Internet advertisements
 # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
@@ -8,167 +8,104 @@
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 
-# Variables
-DEFAULT="-1"
-COREGITDIR="/etc/.pihole/"
-WEBGITDIR="/var/www/html/admin/"
+# Source the setupvars config file
+# shellcheck disable=SC1091
+. /etc/pihole/setupVars.conf
+
+# Source the versions file poupulated by updatechecker.sh
+cachedVersions="/etc/pihole/versions"
+
+if [ -f ${cachedVersions} ]; then
+    # shellcheck disable=SC1090
+    . "$cachedVersions"
+else
+    echo "Could not find /etc/pihole/versions. Running update now."
+    pihole updatechecker
+    # shellcheck disable=SC1090
+    . "$cachedVersions"
+fi
 
 getLocalVersion() {
-    # FTL requires a different method
-    if [[ "$1" == "FTL" ]]; then
-        pihole-FTL version
-        return 0
-    fi
-
-    # Get the tagged version of the local repository
-    local directory="${1}"
-    local version
-
-    cd "${directory}" 2> /dev/null || { echo "${DEFAULT}"; return 1; }
-    version=$(git describe --tags --always || echo "$DEFAULT")
-    if [[ "${version}" =~ ^v ]]; then
-        echo "${version}"
-    elif [[ "${version}" == "${DEFAULT}" ]]; then
-        echo "ERROR"
-        return 1
-    else
-        echo "Untagged"
-    fi
-    return 0
+    case ${1} in
+        "Pi-hole"   )  echo "${CORE_VERSION:=N/A}";;
+        "AdminLTE"  )  [ "${INSTALL_WEB_INTERFACE}" = true ] && echo "${WEB_VERSION:=N/A}";;
+        "FTL"       )  echo "${FTL_VERSION:=N/A}";;
+    esac
 }
 
 getLocalHash() {
-    # Local FTL hash does not exist on filesystem
-    if [[ "$1" == "FTL" ]]; then
-        echo "N/A"
-        return 0
-    fi
-
-    # Get the short hash of the local repository
-    local directory="${1}"
-    local hash
-
-    cd "${directory}" 2> /dev/null || { echo "${DEFAULT}"; return 1; }
-    hash=$(git rev-parse --short HEAD || echo "$DEFAULT")
-    if [[ "${hash}" == "${DEFAULT}" ]]; then
-        echo "ERROR"
-        return 1
-    else
-        echo "${hash}"
-    fi
-    return 0
+    case ${1} in
+        "Pi-hole"   )  echo "${CORE_HASH:=N/A}";;
+        "AdminLTE"  )  [ "${INSTALL_WEB_INTERFACE}" = true ] && echo "${WEB_HASH:=N/A}";;
+        "FTL"       )  echo "${FTL_HASH:=N/A}";;
+    esac
 }
 
 getRemoteHash(){
-    # Remote FTL hash is not applicable
-    if [[ "$1" == "FTL" ]]; then
-        echo "N/A"
-        return 0
-    fi
-
-    local daemon="${1}"
-    local branch="${2}"
-
-    hash=$(git ls-remote --heads "https://github.com/pi-hole/${daemon}" | \
-        awk -v bra="$branch" '$0~bra {print substr($0,0,8);exit}')
-    if [[ -n "$hash" ]]; then
-        echo "$hash"
-    else
-        echo "ERROR"
-        return 1
-    fi
-    return 0
+    case ${1} in
+        "Pi-hole"   )  echo "${GITHUB_CORE_HASH:=N/A}";;
+        "AdminLTE"  )  [ "${INSTALL_WEB_INTERFACE}" = true ] && echo "${GITHUB_WEB_HASH:=N/A}";;
+        "FTL"       )  echo "${GITHUB_FTL_HASH:=N/A}";;
+    esac
 }
 
 getRemoteVersion(){
-    # Get the version from the remote origin
-    local daemon="${1}"
-    local version
-    local cachedVersions
-    local arrCache
-    cachedVersions="/etc/pihole/GitHubVersions"
-
-    #If the above file exists, then we can read from that. Prevents overuse of GitHub API
-    if [[ -f "$cachedVersions" ]]; then
-        IFS=' ' read -r -a arrCache < "$cachedVersions"
-        case $daemon in
-          "pi-hole"   )  echo "${arrCache[0]}";;
-          "AdminLTE"  )  echo "${arrCache[1]}";;
-          "FTL"       )  echo "${arrCache[2]}";;
-        esac
-
-        return 0
-    fi
-
-    version=$(curl --silent --fail "https://api.github.com/repos/pi-hole/${daemon}/releases/latest" | \
-        awk -F: '$1 ~/tag_name/ { print $2 }' | \
-        tr -cd '[[:alnum:]]._-')
-    if [[ "${version}" =~ ^v ]]; then
-        echo "${version}"
-    else
-        echo "ERROR"
-        return 1
-    fi
-    return 0
+    case ${1} in
+        "Pi-hole"   )  echo "${GITHUB_CORE_VERSION:=N/A}";;
+        "AdminLTE"  )  [ "${INSTALL_WEB_INTERFACE}" = true ] && echo "${GITHUB_WEB_VERSION:=N/A}";;
+        "FTL"       )  echo "${GITHUB_FTL_VERSION:=N/A}";;
+    esac
 }
 
 getLocalBranch(){
-    # Get the checked out branch of the local directory
-    local directory="${1}"
-    local branch
-
-     # Local FTL btranch is stored in /etc/pihole/ftlbranch
-    if [[ "$1" == "FTL" ]]; then
-        branch="$(pihole-FTL branch)"
-    else
-        cd "${directory}" 2> /dev/null || { echo "${DEFAULT}"; return 1; }
-        branch=$(git rev-parse --abbrev-ref HEAD || echo "$DEFAULT")
-    fi
-    if [[ ! "${branch}" =~ ^v ]]; then
-        if [[ "${branch}" == "master" ]]; then
-            echo ""
-        elif [[ "${branch}" == "HEAD" ]]; then
-            echo "in detached HEAD state at "
-        else
-            echo "${branch} "
-        fi
-    else
-        # Branch started in "v"
-        echo "release "
-    fi
-    return 0
+    case ${1} in
+        "Pi-hole"   )  echo "${CORE_BRANCH:=N/A}";;
+        "AdminLTE"  )  [ "${INSTALL_WEB_INTERFACE}" = true ] && echo "${WEB_BRANCH:=N/A}";;
+        "FTL"       )  echo "${FTL_BRANCH:=N/A}";;
+    esac
 }
 
 versionOutput() {
-    [[ "$1" == "pi-hole" ]] && GITDIR=$COREGITDIR
-    [[ "$1" == "AdminLTE" ]] && GITDIR=$WEBGITDIR
-    [[ "$1" == "FTL" ]] && GITDIR="FTL"
-
-    [[ "$2" == "-c" ]] || [[ "$2" == "--current" ]] || [[ -z "$2" ]] && current=$(getLocalVersion $GITDIR) && branch=$(getLocalBranch $GITDIR)
-    [[ "$2" == "-l" ]] || [[ "$2" == "--latest" ]] || [[ -z "$2" ]] && latest=$(getRemoteVersion "$1")
-    if [[ "$2" == "-h" ]] || [[ "$2" == "--hash" ]]; then
-        [[ "$3" == "-c" ]] || [[ "$3" == "--current" ]] || [[ -z "$3" ]] && curHash=$(getLocalHash "$GITDIR") && branch=$(getLocalBranch $GITDIR)
-        [[ "$3" == "-l" ]] || [[ "$3" == "--latest" ]] || [[ -z "$3" ]] && latHash=$(getRemoteHash "$1" "$(cd "$GITDIR" 2> /dev/null && git rev-parse --abbrev-ref HEAD)")
+    if [ "$1" = "AdminLTE" ] && [ "${INSTALL_WEB_INTERFACE}" != true ]; then
+        echo "  WebAdmin not installed"
+        return 1
     fi
-    if [[ -n "$current" ]] && [[ -n "$latest" ]]; then
-        output="${1^} version is $branch$current (Latest: $latest)"
-    elif [[ -n "$current" ]] && [[ -z "$latest" ]]; then
-        output="Current ${1^} version is $branch$current."
-    elif [[ -z "$current" ]] && [[ -n "$latest" ]]; then
-        output="Latest ${1^} version is $latest"
-    elif [[ "$curHash" == "N/A" ]] || [[ "$latHash" == "N/A" ]]; then
-        output="${1^} hash is not applicable"
-    elif [[ -n "$curHash" ]] && [[ -n "$latHash" ]]; then
-        output="${1^} hash is $curHash (Latest: $latHash)"
-    elif [[ -n "$curHash" ]] && [[ -z "$latHash" ]]; then
-        output="Current ${1^} hash is $curHash"
-    elif [[ -z "$curHash" ]] && [[ -n "$latHash" ]]; then
-        output="Latest ${1^} hash is $latHash"
+
+    [ "$2" = "-c" ] || [ "$2" = "--current" ] || [ -z "$2" ] && current=$(getLocalVersion "${1}") && branch=$(getLocalBranch "${1}")
+    [ "$2" = "-l" ] || [ "$2" = "--latest" ] || [ -z "$2" ] && latest=$(getRemoteVersion "${1}")
+    if [ "$2" = "--hash" ]; then
+        [ "$3" = "-c" ] || [ "$3" = "--current" ] || [ -z "$3" ] && curHash=$(getLocalHash "${1}") && branch=$(getLocalBranch "${1}")
+        [ "$3" = "-l" ] || [ "$3" = "--latest" ] || [ -z "$3" ] && latHash=$(getRemoteHash "${1}") && branch=$(getLocalBranch "${1}")
+    fi
+
+    # We do not want to show the branch name when we are on master,
+    # blank out the variable in this case
+    if [ "$branch" = "master" ]; then
+        branch=""
+    else
+        branch="$branch "
+    fi
+
+    if [ -n "$current" ] && [ -n "$latest" ]; then
+        output="${1} version is $branch$current (Latest: $latest)"
+    elif [ -n "$current" ] && [ -z "$latest" ]; then
+        output="Current ${1} version is $branch$current"
+    elif [ -z "$current" ] && [ -n "$latest" ]; then
+        output="Latest ${1} version is $latest"
+    elif [ -n "$curHash" ] && [ -n "$latHash" ]; then
+        output="Local ${1} hash is $curHash (Remote: $latHash)"
+    elif [ -n "$curHash" ] && [ -z "$latHash" ]; then
+        output="Current local ${1} hash is $curHash"
+    elif [ -z "$curHash" ] && [ -n "$latHash" ]; then
+        output="Latest remote ${1} hash is $latHash"
+    elif [ -z "$curHash" ] && [ -z "$latHash" ]; then
+        output="Hashes for ${1} not available"
     else
         errorOutput
+        return 1
     fi
 
-    [[ -n "$output" ]] && echo "  $output"
+    [ -n "$output" ] && echo "  $output"
 }
 
 errorOutput() {
@@ -177,13 +114,9 @@ errorOutput() {
 }
 
 defaultOutput() {
-    # Source the setupvars config file
-    # shellcheck disable=SC1091
-    source /etc/pihole/setupVars.conf
+    versionOutput "Pi-hole" "$@"
 
-    versionOutput "pi-hole" "$@"
-
-    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
+    if [ "${INSTALL_WEB_INTERFACE}" = true ]; then
         versionOutput "AdminLTE" "$@"
     fi
 
@@ -209,7 +142,7 @@ Options:
 }
 
 case "${1}" in
-    "-p" | "--pihole"    ) shift; versionOutput "pi-hole" "$@";;
+    "-p" | "--pihole"    ) shift; versionOutput "Pi-hole" "$@";;
     "-a" | "--admin"     ) shift; versionOutput "AdminLTE" "$@";;
     "-f" | "--ftl"       ) shift; versionOutput "FTL" "$@";;
     "-h" | "--help"      ) helpFunc;;

advanced/Scripts/webpage.sh

@@ -1,5 +1,7 @@
 #!/usr/bin/env bash
 # shellcheck disable=SC1090
+# shellcheck disable=SC2154
+
 
 # Pi-hole: A black hole for Internet advertisements
 # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
@@ -22,10 +24,13 @@ readonly gravityDBfile="/etc/pihole/gravity.db"
 
 # Source install script for ${setupVars}, ${PI_HOLE_BIN_DIR} and valid_ip()
 readonly PI_HOLE_FILES_DIR="/etc/.pihole"
-# shellcheck disable=SC2034  # used in basic-install
-PH_TEST="true"
+# shellcheck disable=SC2034  # used in basic-install to source the script without running it
+SKIP_INSTALL="true"
 source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
 
+utilsfile="/opt/pihole/utils.sh"
+source "${utilsfile}"
+
 coltable="/opt/pihole/COL_TABLE"
 if [[ -f ${coltable} ]]; then
     source ${coltable}
@@ -37,57 +42,52 @@ Example: pihole -a -p password
 Set options for the Admin Console
 
 Options:
-  -p, password        Set Admin Console password
-  -c, celsius         Set Celsius as preferred temperature unit
-  -f, fahrenheit      Set Fahrenheit as preferred temperature unit
-  -k, kelvin          Set Kelvin as preferred temperature unit
-  -e, email           Set an administrative contact address for the Block Page
-  -h, --help          Show this help dialog
-  -i, interface       Specify dnsmasq's interface listening behavior
-  -l, privacylevel    Set privacy level (0 = lowest, 3 = highest)"
+  -p, password                    Set Admin Console password
+  -c, celsius                     Set Celsius as preferred temperature unit
+  -f, fahrenheit                  Set Fahrenheit as preferred temperature unit
+  -k, kelvin                      Set Kelvin as preferred temperature unit
+  -h, --help                      Show this help dialog
+  -i, interface                   Specify dnsmasq's interface listening behavior
+  -l, privacylevel                Set privacy level (0 = lowest, 3 = highest)
+  -t, teleporter                  Backup configuration as an archive
+  -t, teleporter myname.tar.gz    Backup configuration to archive with name myname.tar.gz as specified"
     exit 0
 }
 
 add_setting() {
-    echo "${1}=${2}" >> "${setupVars}"
+    addOrEditKeyValPair "${setupVars}" "${1}" "${2}"
 }
 
 delete_setting() {
-    sed -i "/${1}/d" "${setupVars}"
+    removeKey "${setupVars}" "${1}"
 }
 
 change_setting() {
-    delete_setting "${1}"
-    add_setting "${1}" "${2}"
+    addOrEditKeyValPair "${setupVars}" "${1}" "${2}"
 }
 
 addFTLsetting() {
-    echo "${1}=${2}" >> "${FTLconf}"
+    addOrEditKeyValPair "${FTLconf}" "${1}" "${2}"
 }
 
 deleteFTLsetting() {
-    sed -i "/${1}/d" "${FTLconf}"
+    removeKey "${FTLconf}" "${1}"
 }
 
 changeFTLsetting() {
-    deleteFTLsetting "${1}"
-    addFTLsetting "${1}" "${2}"
+    addOrEditKeyValPair "${FTLconf}" "${1}" "${2}"
 }
 
 add_dnsmasq_setting() {
-    if [[ "${2}" != "" ]]; then
-        echo "${1}=${2}" >> "${dnsmasqconfig}"
-    else
-        echo "${1}" >> "${dnsmasqconfig}"
-    fi
+    addOrEditKeyValPair "${dnsmasqconfig}" "${1}" "${2}"
 }
 
 delete_dnsmasq_setting() {
-    sed -i "/${1}/d" "${dnsmasqconfig}"
+    removeKey "${dnsmasqconfig}" "${1}"
 }
 
 SetTemperatureUnit() {
-    change_setting "TEMPERATUREUNIT" "${unit}"
+    addOrEditKeyValPair "${setupVars}" "TEMPERATUREUNIT" "${unit}"
     echo -e "  ${TICK} Set temperature unit to ${unit}"
 }
 
@@ -121,21 +121,21 @@ SetWebPassword() {
         read -s -r -p "Enter New Password (Blank for no password): " PASSWORD
         echo ""
 
-    if [ "${PASSWORD}" == "" ]; then
-        change_setting "WEBPASSWORD" ""
-        echo -e "  ${TICK} Password Removed"
-        exit 0
-    fi
+        if [ "${PASSWORD}" == "" ]; then
+            addOrEditKeyValPair "${setupVars}" "WEBPASSWORD" ""
+            echo -e "  ${TICK} Password Removed"
+            exit 0
+        fi
 
-    read -s -r -p "Confirm Password: " CONFIRM
-    echo ""
+        read -s -r -p "Confirm Password: " CONFIRM
+        echo ""
     fi
 
     if [ "${PASSWORD}" == "${CONFIRM}" ] ; then
         # We do not wrap this in brackets, otherwise BASH will expand any appropriate syntax
         hash=$(HashPassword "$PASSWORD")
         # Save hash to file
-        change_setting "WEBPASSWORD" "${hash}"
+        addOrEditKeyValPair "${setupVars}" "WEBPASSWORD" "${hash}"
         echo -e "  ${TICK} New password set"
     else
         echo -e "  ${CROSS} Passwords don't match. Your password has not been changed"
@@ -146,7 +146,7 @@ SetWebPassword() {
 ProcessDNSSettings() {
     source "${setupVars}"
 
-    delete_dnsmasq_setting "server"
+    removeKey "${dnsmasqconfig}" "server"
 
     COUNTER=1
     while true ; do
@@ -154,34 +154,34 @@ ProcessDNSSettings() {
         if [ -z "${!var}" ]; then
             break;
         fi
-        add_dnsmasq_setting "server" "${!var}"
+        addKey "${dnsmasqconfig}" "server=${!var}"
         (( COUNTER++ ))
     done
 
     # The option LOCAL_DNS_PORT is deprecated
     # We apply it once more, and then convert it into the current format
     if [ -n "${LOCAL_DNS_PORT}" ]; then
-        add_dnsmasq_setting "server" "127.0.0.1#${LOCAL_DNS_PORT}"
-        add_setting "PIHOLE_DNS_${COUNTER}" "127.0.0.1#${LOCAL_DNS_PORT}"
-        delete_setting "LOCAL_DNS_PORT"
+        addOrEditKeyValPair "${dnsmasqconfig}" "server" "127.0.0.1#${LOCAL_DNS_PORT}"
+        addOrEditKeyValPair "${setupVars}" "PIHOLE_DNS_${COUNTER}" "127.0.0.1#${LOCAL_DNS_PORT}"
+        removeKey "${setupVars}" "LOCAL_DNS_PORT"
     fi
 
-    delete_dnsmasq_setting "domain-needed"
-    delete_dnsmasq_setting "expand-hosts"
+    removeKey "${dnsmasqconfig}" "domain-needed"
+    removeKey "${dnsmasqconfig}" "expand-hosts"
 
     if [[ "${DNS_FQDN_REQUIRED}" == true ]]; then
-        add_dnsmasq_setting "domain-needed"
-        add_dnsmasq_setting "expand-hosts"
+        addKey "${dnsmasqconfig}" "domain-needed"
+        addKey "${dnsmasqconfig}" "expand-hosts"
     fi
 
-    delete_dnsmasq_setting "bogus-priv"
+    removeKey "${dnsmasqconfig}" "bogus-priv"
 
     if [[ "${DNS_BOGUS_PRIV}" == true ]]; then
-        add_dnsmasq_setting "bogus-priv"
+        addKey "${dnsmasqconfig}" "bogus-priv"
     fi
 
-    delete_dnsmasq_setting "dnssec"
-    delete_dnsmasq_setting "trust-anchor="
+    removeKey "${dnsmasqconfig}" "dnssec"
+    removeKey "${dnsmasqconfig}" "trust-anchor"
 
     if [[ "${DNSSEC}" == true ]]; then
         echo "dnssec
@@ -189,48 +189,56 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
 " >> "${dnsmasqconfig}"
     fi
 
-    delete_dnsmasq_setting "host-record"
+    removeKey "${dnsmasqconfig}" "host-record"
 
     if [ -n "${HOSTRECORD}" ]; then
-        add_dnsmasq_setting "host-record" "${HOSTRECORD}"
+        addOrEditKeyValPair "${dnsmasqconfig}" "host-record" "${HOSTRECORD}"
     fi
 
     # Setup interface listening behavior of dnsmasq
-    delete_dnsmasq_setting "interface"
-    delete_dnsmasq_setting "local-service"
+    removeKey "${dnsmasqconfig}" "interface"
+    removeKey "${dnsmasqconfig}" "local-service"
+    removeKey "${dnsmasqconfig}" "except-interface"
+    removeKey "${dnsmasqconfig}" "bind-interfaces"
 
     if [[ "${DNSMASQ_LISTENING}" == "all" ]]; then
         # Listen on all interfaces, permit all origins
-        add_dnsmasq_setting "except-interface" "nonexisting"
+        addOrEditKeyValPair "${dnsmasqconfig}" "except-interface" "nonexisting"
     elif [[ "${DNSMASQ_LISTENING}" == "local" ]]; then
         # Listen only on all interfaces, but only local subnets
-        add_dnsmasq_setting "local-service"
+        addKey "${dnsmasqconfig}" "local-service"
     else
+        # Options "bind" and "single"
         # Listen only on one interface
         # Use eth0 as fallback interface if interface is missing in setupVars.conf
         if [ -z "${PIHOLE_INTERFACE}" ]; then
             PIHOLE_INTERFACE="eth0"
         fi
 
-        add_dnsmasq_setting "interface" "${PIHOLE_INTERFACE}"
+        addOrEditKeyValPair "${dnsmasqconfig}" "interface" "${PIHOLE_INTERFACE}"
+
+        if [[ "${DNSMASQ_LISTENING}" == "bind" ]]; then
+            # Really bind to interface
+            addKey "${dnsmasqconfig}" "bind-interfaces"
+        fi
     fi
 
     if [[ "${CONDITIONAL_FORWARDING}" == true ]]; then
         # Convert legacy "conditional forwarding" to rev-server configuration
         # Remove any existing REV_SERVER settings
-        delete_setting "REV_SERVER"
-        delete_setting "REV_SERVER_DOMAIN"
-        delete_setting "REV_SERVER_TARGET"
-        delete_setting "REV_SERVER_CIDR"
+        removeKey "${setupVars}" "REV_SERVER"
+        removeKey "${setupVars}" "REV_SERVER_DOMAIN"
+        removeKey "${setupVars}" "REV_SERVER_TARGET"
+        removeKey "${setupVars}" "REV_SERVER_CIDR"
 
         REV_SERVER=true
-        add_setting "REV_SERVER" "true"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER" "true"
 
         REV_SERVER_DOMAIN="${CONDITIONAL_FORWARDING_DOMAIN}"
-        add_setting "REV_SERVER_DOMAIN" "${REV_SERVER_DOMAIN}"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER_DOMAIN" "${REV_SERVER_DOMAIN}"
 
         REV_SERVER_TARGET="${CONDITIONAL_FORWARDING_IP}"
-        add_setting "REV_SERVER_TARGET" "${REV_SERVER_TARGET}"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER_TARGET" "${REV_SERVER_TARGET}"
 
         #Convert CONDITIONAL_FORWARDING_REVERSE if necessary e.g:
         #          1.1.168.192.in-addr.arpa to 192.168.1.1/32
@@ -246,8 +254,8 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
                 3   )   REV_SERVER_CIDR="${arrRev[0]}.0.0.0/8";;
             esac
         else
-          # Set REV_SERVER_CIDR to whatever value it was set to
-          REV_SERVER_CIDR="${CONDITIONAL_FORWARDING_REVERSE}"
+            # Set REV_SERVER_CIDR to whatever value it was set to
+            REV_SERVER_CIDR="${CONDITIONAL_FORWARDING_REVERSE}"
         fi
 
         # If REV_SERVER_CIDR is not converted by the above, then use the REV_SERVER_TARGET variable to derive it
@@ -257,38 +265,43 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
             # shellcheck disable=2001
             REV_SERVER_CIDR="$(sed "s+\\.[0-9]*$+\\.0/24+" <<< "${REV_SERVER_TARGET}")"
         fi
-        add_setting "REV_SERVER_CIDR" "${REV_SERVER_CIDR}"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER_CIDR" "${REV_SERVER_CIDR}"
 
         # Remove obsolete settings from setupVars.conf
-        delete_setting "CONDITIONAL_FORWARDING"
-        delete_setting "CONDITIONAL_FORWARDING_REVERSE"
-        delete_setting "CONDITIONAL_FORWARDING_DOMAIN"
-        delete_setting "CONDITIONAL_FORWARDING_IP"
+        removeKey "${setupVars}" "CONDITIONAL_FORWARDING"
+        removeKey "${setupVars}" "CONDITIONAL_FORWARDING_REVERSE"
+        removeKey "${setupVars}" "CONDITIONAL_FORWARDING_DOMAIN"
+        removeKey "${setupVars}" "CONDITIONAL_FORWARDING_IP"
     fi
 
+    removeKey "${dnsmasqconfig}" "rev-server"
+
     if [[ "${REV_SERVER}" == true ]]; then
-        add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}"
+        addKey "${dnsmasqconfig}" "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}"
         if [ -n "${REV_SERVER_DOMAIN}" ]; then
-            add_dnsmasq_setting "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}"
+            # Forward local domain names to the CF target, too
+            addKey "${dnsmasqconfig}" "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}"
         fi
-    fi
 
-    # Prevent Firefox from automatically switching over to DNS-over-HTTPS
-    # This follows https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https
-    # (sourced 7th September 2019)
-    add_dnsmasq_setting "server=/use-application-dns.net/"
+        if [[ "${DNS_FQDN_REQUIRED}" != true ]]; then
+            # Forward unqualified names to the CF target only when the "never
+            # forward non-FQDN" option is unticked
+            addKey "${dnsmasqconfig}" "server=//${REV_SERVER_TARGET}"
+        fi
+
+    fi
 
     # We need to process DHCP settings here as well to account for possible
     # changes in the non-FQDN forwarding. This cannot be done in 01-pihole.conf
     # as we don't want to delete all local=/.../ lines so it's much safer to
     # simply rewrite the entire corresponding config file (which is what the
-    # DHCP settings subroutie is doing)
+    # DHCP settings subroutine is doing)
     ProcessDHCPSettings
 }
 
 SetDNSServers() {
     # Save setting to file
-    delete_setting "PIHOLE_DNS"
+    removeKey "${setupVars}" "PIHOLE_DNS"
     IFS=',' read -r -a array <<< "${args[2]}"
     for index in "${!array[@]}"
     do
@@ -297,7 +310,7 @@ SetDNSServers() {
         ip="${array[index]//\\#/#}"
 
         if valid_ip "${ip}" || valid_ip6 "${ip}" ; then
-            add_setting "PIHOLE_DNS_$((index+1))" "${ip}"
+            addOrEditKeyValPair "${setupVars}" "PIHOLE_DNS_$((index+1))" "${ip}"
         else
             echo -e "  ${CROSS} Invalid IP has been passed"
             exit 1
@@ -305,30 +318,30 @@ SetDNSServers() {
     done
 
     if [[ "${args[3]}" == "domain-needed" ]]; then
-        change_setting "DNS_FQDN_REQUIRED" "true"
+        addOrEditKeyValPair "${setupVars}" "DNS_FQDN_REQUIRED" "true"
     else
-        change_setting "DNS_FQDN_REQUIRED" "false"
+        addOrEditKeyValPair "${setupVars}" "DNS_FQDN_REQUIRED" "false"
     fi
 
     if [[ "${args[4]}" == "bogus-priv" ]]; then
-        change_setting "DNS_BOGUS_PRIV" "true"
+        addOrEditKeyValPair "${setupVars}" "DNS_BOGUS_PRIV" "true"
     else
-        change_setting "DNS_BOGUS_PRIV" "false"
+        addOrEditKeyValPair "${setupVars}" "DNS_BOGUS_PRIV" "false"
     fi
 
     if [[ "${args[5]}" == "dnssec" ]]; then
-        change_setting "DNSSEC" "true"
+        addOrEditKeyValPair "${setupVars}" "DNSSEC" "true"
     else
-        change_setting "DNSSEC" "false"
+        addOrEditKeyValPair "${setupVars}" "DNSSEC" "false"
     fi
 
     if [[ "${args[6]}" == "rev-server" ]]; then
-        change_setting "REV_SERVER" "true"
-        change_setting "REV_SERVER_CIDR" "${args[7]}"
-        change_setting "REV_SERVER_TARGET" "${args[8]}"
-        change_setting "REV_SERVER_DOMAIN" "${args[9]}"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER" "true"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER_CIDR" "${args[7]}"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER_TARGET" "${args[8]}"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER_DOMAIN" "${args[9]}"
     else
-        change_setting "REV_SERVER" "false"
+        addOrEditKeyValPair "${setupVars}" "REV_SERVER" "false"
     fi
 
     ProcessDNSSettings
@@ -338,11 +351,11 @@ SetDNSServers() {
 }
 
 SetExcludeDomains() {
-    change_setting "API_EXCLUDE_DOMAINS" "${args[2]}"
+    addOrEditKeyValPair "${setupVars}" "API_EXCLUDE_DOMAINS" "${args[2]}"
 }
 
 SetExcludeClients() {
-    change_setting "API_EXCLUDE_CLIENTS" "${args[2]}"
+    addOrEditKeyValPair "${setupVars}" "API_EXCLUDE_CLIENTS" "${args[2]}"
 }
 
 Poweroff(){
@@ -358,41 +371,36 @@ RestartDNS() {
 }
 
 SetQueryLogOptions() {
-    change_setting "API_QUERY_LOG_SHOW" "${args[2]}"
+    addOrEditKeyValPair "${setupVars}" "API_QUERY_LOG_SHOW" "${args[2]}"
 }
 
 ProcessDHCPSettings() {
     source "${setupVars}"
 
     if [[ "${DHCP_ACTIVE}" == "true" ]]; then
-    interface="${PIHOLE_INTERFACE}"
+        interface="${PIHOLE_INTERFACE}"
 
-    # Use eth0 as fallback interface
-    if [ -z ${interface} ]; then
-        interface="eth0"
-    fi
+        # Use eth0 as fallback interface
+        if [ -z ${interface} ]; then
+            interface="eth0"
+        fi
 
-    if [[ "${PIHOLE_DOMAIN}" == "" ]]; then
-        PIHOLE_DOMAIN="lan"
-        change_setting "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}"
-    fi
+        if [[ "${PIHOLE_DOMAIN}" == "" ]]; then
+            PIHOLE_DOMAIN="lan"
+            addOrEditKeyValPair "${setupVars}" "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}"
+        fi
 
-    if [[ "${DHCP_LEASETIME}" == "0" ]]; then
-        leasetime="infinite"
-    elif [[ "${DHCP_LEASETIME}" == "" ]]; then
-        leasetime="24"
-        change_setting "DHCP_LEASETIME" "${leasetime}"
-    elif [[ "${DHCP_LEASETIME}" == "24h" ]]; then
-        #Installation is affected by known bug, introduced in a previous version.
-        #This will automatically clean up setupVars.conf and remove the unnecessary "h"
-        leasetime="24"
-        change_setting "DHCP_LEASETIME" "${leasetime}"
-    else
-        leasetime="${DHCP_LEASETIME}h"
-    fi
+        if [[ "${DHCP_LEASETIME}" == "0" ]]; then
+            leasetime="infinite"
+        elif [[ "${DHCP_LEASETIME}" == "" ]]; then
+            leasetime="24h"
+            addOrEditKeyValPair "${setupVars}" "DHCP_LEASETIME" "24"
+        else
+            leasetime="${DHCP_LEASETIME}h"
+        fi
 
-    # Write settings to file
-    echo "###############################################################################
+        # Write settings to file
+        echo "###############################################################################
 #  DHCP SERVER CONFIG FILE AUTOMATICALLY POPULATED BY PI-HOLE WEB INTERFACE.  #
 #            ANY CHANGES MADE TO THIS FILE WILL BE LOST ON CHANGE             #
 ###############################################################################
@@ -402,34 +410,34 @@ dhcp-option=option:router,${DHCP_ROUTER}
 dhcp-leasefile=/etc/pihole/dhcp.leases
 #quiet-dhcp
 " > "${dhcpconfig}"
-    chmod 644 "${dhcpconfig}"
+        chmod 644 "${dhcpconfig}"
 
-    if [[ "${PIHOLE_DOMAIN}" != "none" ]]; then
-        echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}"
+        if [[ "${PIHOLE_DOMAIN}" != "none" ]]; then
+            echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}"
 
-        # When there is a Pi-hole domain set and "Never forward non-FQDNs" is
-        # ticked, we add `local=/domain/` to tell FTL that this domain is purely
-        # local and FTL may answer queries from /etc/hosts or DHCP but should
-        # never forward queries on that domain to any upstream servers
-        if  [[ "${DNS_FQDN_REQUIRED}" == true ]]; then
-          echo "local=/${PIHOLE_DOMAIN}/" >> "${dhcpconfig}"
+            # When there is a Pi-hole domain set and "Never forward non-FQDNs" is
+            # ticked, we add `local=/domain/` to tell FTL that this domain is purely
+            # local and FTL may answer queries from /etc/hosts or DHCP but should
+            # never forward queries on that domain to any upstream servers
+            if  [[ "${DNS_FQDN_REQUIRED}" == true ]]; then
+                echo "local=/${PIHOLE_DOMAIN}/" >> "${dhcpconfig}"
+            fi
         fi
-    fi
 
-    # Sourced from setupVars
-    # shellcheck disable=SC2154
-    if [[ "${DHCP_rapid_commit}" == "true" ]]; then
-        echo "dhcp-rapid-commit" >> "${dhcpconfig}"
-    fi
+        # Sourced from setupVars
+        # shellcheck disable=SC2154
+        if [[ "${DHCP_rapid_commit}" == "true" ]]; then
+            echo "dhcp-rapid-commit" >> "${dhcpconfig}"
+        fi
 
-    if [[ "${DHCP_IPv6}" == "true" ]]; then
-        echo "#quiet-dhcp6
+        if [[ "${DHCP_IPv6}" == "true" ]]; then
+            echo "#quiet-dhcp6
 #enable-ra
 dhcp-option=option6:dns-server,[::]
-dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,${leasetime}
-ra-param=*,0,0
+dhcp-range=::,constructor:${interface},ra-names,ra-stateless,64
+
 " >> "${dhcpconfig}"
-    fi
+        fi
 
     else
         if [[ -f "${dhcpconfig}" ]]; then
@@ -439,24 +447,24 @@ ra-param=*,0,0
 }
 
 EnableDHCP() {
-    change_setting "DHCP_ACTIVE" "true"
-    change_setting "DHCP_START" "${args[2]}"
-    change_setting "DHCP_END" "${args[3]}"
-    change_setting "DHCP_ROUTER" "${args[4]}"
-    change_setting "DHCP_LEASETIME" "${args[5]}"
-    change_setting "PIHOLE_DOMAIN" "${args[6]}"
-    change_setting "DHCP_IPv6" "${args[7]}"
-    change_setting "DHCP_rapid_commit" "${args[8]}"
+    addOrEditKeyValPair "${setupVars}" "DHCP_ACTIVE" "true"
+    addOrEditKeyValPair "${setupVars}" "DHCP_START" "${args[2]}"
+    addOrEditKeyValPair "${setupVars}" "DHCP_END" "${args[3]}"
+    addOrEditKeyValPair "${setupVars}" "DHCP_ROUTER" "${args[4]}"
+    addOrEditKeyValPair "${setupVars}" "DHCP_LEASETIME" "${args[5]}"
+    addOrEditKeyValPair "${setupVars}" "PIHOLE_DOMAIN" "${args[6]}"
+    addOrEditKeyValPair "${setupVars}" "DHCP_IPv6" "${args[7]}"
+    addOrEditKeyValPair "${setupVars}" "DHCP_rapid_commit" "${args[8]}"
 
     # Remove possible old setting from file
-    delete_dnsmasq_setting "dhcp-"
-    delete_dnsmasq_setting "quiet-dhcp"
+    removeKey "${dnsmasqconfig}" "dhcp-"
+    removeKey "${dnsmasqconfig}" "quiet-dhcp"
 
     # If a DHCP client claims that its name is "wpad", ignore that.
     # This fixes a security hole. see CERT Vulnerability VU#598349
     # We also ignore "localhost" as Windows behaves strangely if a
     # device claims this host name
-    add_dnsmasq_setting "dhcp-name-match=set:hostname-ignore,wpad
+    addKey "${dnsmasqconfig}" "dhcp-name-match=set:hostname-ignore,wpad
 dhcp-name-match=set:hostname-ignore,localhost
 dhcp-ignore-names=tag:hostname-ignore"
 
@@ -466,11 +474,11 @@ dhcp-ignore-names=tag:hostname-ignore"
 }
 
 DisableDHCP() {
-    change_setting "DHCP_ACTIVE" "false"
+    addOrEditKeyValPair "${setupVars}" "DHCP_ACTIVE" "false"
 
     # Remove possible old setting from file
-    delete_dnsmasq_setting "dhcp-"
-    delete_dnsmasq_setting "quiet-dhcp"
+    removeKey "${dnsmasqconfig}" "dhcp-"
+    removeKey "${dnsmasqconfig}" "quiet-dhcp"
 
     ProcessDHCPSettings
 
@@ -478,11 +486,11 @@ DisableDHCP() {
 }
 
 SetWebUILayout() {
-    change_setting "WEBUIBOXEDLAYOUT" "${args[2]}"
+    addOrEditKeyValPair "${setupVars}" "WEBUIBOXEDLAYOUT" "${args[2]}"
 }
 
 SetWebUITheme() {
-    change_setting "WEBTHEME" "${args[2]}"
+    addOrEditKeyValPair "${setupVars}" "WEBTHEME" "${args[2]}"
 }
 
 CheckUrl(){
@@ -509,13 +517,13 @@ CustomizeAdLists() {
 
     if CheckUrl "${address}"; then
         if [[ "${args[2]}" == "enable" ]]; then
-            sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 1 WHERE address = '${address}'"
+            pihole-FTL sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 1 WHERE address = '${address}'"
         elif [[ "${args[2]}" == "disable" ]]; then
-            sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 0 WHERE address = '${address}'"
+            pihole-FTL sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 0 WHERE address = '${address}'"
         elif [[ "${args[2]}" == "add" ]]; then
-            sqlite3 "${gravityDBfile}" "INSERT OR IGNORE INTO adlist (address, comment) VALUES ('${address}', '${comment}')"
+            pihole-FTL sqlite3 "${gravityDBfile}" "INSERT OR IGNORE INTO adlist (address, comment) VALUES ('${address}', '${comment}')"
         elif [[ "${args[2]}" == "del" ]]; then
-            sqlite3 "${gravityDBfile}" "DELETE FROM adlist WHERE address = '${address}'"
+            pihole-FTL sqlite3 "${gravityDBfile}" "DELETE FROM adlist WHERE address = '${address}'"
         else
             echo "Not permitted"
             return 1
@@ -526,25 +534,6 @@ CustomizeAdLists() {
     fi
 }
 
-SetPrivacyMode() {
-    if [[ "${args[2]}" == "true" ]]; then
-        change_setting "API_PRIVACY_MODE" "true"
-    else
-        change_setting "API_PRIVACY_MODE" "false"
-    fi
-}
-
-ResolutionSettings() {
-    typ="${args[2]}"
-    state="${args[3]}"
-
-    if [[ "${typ}" == "forward" ]]; then
-        change_setting "API_GET_UPSTREAM_DNS_HOSTNAME" "${state}"
-    elif [[ "${typ}" == "clients" ]]; then
-        change_setting "API_GET_CLIENT_HOSTNAME" "${state}"
-    fi
-}
-
 AddDHCPStaticAddress() {
     mac="${args[2]}"
     ip="${args[3]}"
@@ -573,37 +562,6 @@ RemoveDHCPStaticAddress() {
 
 }
 
-SetAdminEmail() {
-    if [[ "${1}" == "-h" ]] || [[ "${1}" == "--help" ]]; then
-        echo "Usage: pihole -a email <address>
-Example: 'pihole -a email admin@address.com'
-Set an administrative contact address for the Block Page
-
-Options:
-  \"\"                  Empty: Remove admin contact
-  -h, --help          Show this help dialog"
-        exit 0
-    fi
-
-    if [[ -n "${args[2]}" ]]; then
-
-        # Sanitize email address in case of security issues
-        # Regex from https://stackoverflow.com/a/2138832/4065967
-        local regex
-        regex="^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\$"
-        if [[ ! "${args[2]}" =~ ${regex} ]]; then
-            echo -e "  ${CROSS} Invalid email address"
-            exit 0
-        fi
-
-        change_setting "ADMIN_EMAIL" "${args[2]}"
-        echo -e "  ${TICK} Setting admin contact to ${args[2]}"
-    else
-        change_setting "ADMIN_EMAIL" ""
-        echo -e "  ${TICK} Removing admin contact"
-    fi
-}
-
 SetListeningMode() {
     source "${setupVars}"
 
@@ -613,22 +571,26 @@ Example: 'pihole -a -i local'
 Specify dnsmasq's network interface listening behavior
 
 Interfaces:
-  local               Listen on all interfaces, but only allow queries from
-                      devices that are at most one hop away (local devices)
-  single              Listen only on ${PIHOLE_INTERFACE} interface
+  local               Only respond to queries from devices that
+                      are at most one hop away (local devices)
+  single              Respond only on interface ${PIHOLE_INTERFACE}
+  bind                Bind only on interface ${PIHOLE_INTERFACE}
   all                 Listen on all interfaces, permit all origins"
         exit 0
-  fi
+    fi
 
     if [[ "${args[2]}" == "all" ]]; then
         echo -e "  ${INFO} Listening on all interfaces, permitting all origins. Please use a firewall!"
-        change_setting "DNSMASQ_LISTENING" "all"
+        addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "all"
     elif [[ "${args[2]}" == "local" ]]; then
         echo -e "  ${INFO} Listening on all interfaces, permitting origins from one hop away (LAN)"
-        change_setting "DNSMASQ_LISTENING" "local"
+        addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "local"
+    elif [[ "${args[2]}" == "bind" ]]; then
+        echo -e "  ${INFO} Binding on interface ${PIHOLE_INTERFACE}"
+        addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "bind"
     else
         echo -e "  ${INFO} Listening only on interface ${PIHOLE_INTERFACE}"
-        change_setting "DNSMASQ_LISTENING" "single"
+        addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "single"
     fi
 
     # Don't restart DNS server yet because other settings
@@ -641,12 +603,18 @@ Interfaces:
 }
 
 Teleporter() {
-    local datetimestamp
-    local host
-    datetimestamp=$(date "+%Y-%m-%d_%H-%M-%S")
-    host=$(hostname)
-    host="${host//./_}"
-    php /var/www/html/admin/scripts/pi-hole/php/teleporter.php > "pi-hole-${host:-noname}-teleporter_${datetimestamp}.tar.gz"
+    local filename
+    filename="${args[2]}"
+    if [[ -z "${filename}" ]]; then
+        local datetimestamp
+        local host
+        datetimestamp=$(date "+%Y-%m-%d_%H-%M-%S")
+        host=$(hostname)
+        host="${host//./_}"
+        filename="pi-hole-${host:-noname}-teleporter_${datetimestamp}.tar.gz"
+    fi
+    # webroot is sourced from basic-install above
+    php "${webroot}/admin/scripts/pi-hole/php/teleporter.php" > "${filename}"
 }
 
 checkDomain()
@@ -659,6 +627,14 @@ checkDomain()
     echo "${validDomain}"
 }
 
+escapeDots()
+{
+    # SC suggest bashism ${variable//search/replace}
+    # shellcheck disable=SC2001
+    escaped=$(echo "$1" | sed 's/\./\\./g')
+    echo "${escaped}"
+}
+
 addAudit()
 {
     shift # skip "-a"
@@ -667,33 +643,33 @@ addAudit()
     domains=""
     for domain in "$@"
     do
-      # Check domain to be added. Only continue if it is valid
-      validDomain="$(checkDomain "${domain}")"
-      if [[ -n "${validDomain}" ]]; then
-        # Put comma in between domains when there is
-        # more than one domains to be added
-        # SQL INSERT allows adding multiple rows at once using the format
-        ## INSERT INTO table (domain) VALUES ('abc.de'),('fgh.ij'),('klm.no'),('pqr.st');
-        if [[ -n "${domains}" ]]; then
-          domains="${domains},"
+        # Check domain to be added. Only continue if it is valid
+        validDomain="$(checkDomain "${domain}")"
+        if [[ -n "${validDomain}" ]]; then
+            # Put comma in between domains when there is
+            # more than one domains to be added
+            # SQL INSERT allows adding multiple rows at once using the format
+            ## INSERT INTO table (domain) VALUES ('abc.de'),('fgh.ij'),('klm.no'),('pqr.st');
+            if [[ -n "${domains}" ]]; then
+                domains="${domains},"
+            fi
+            domains="${domains}('${domain}')"
         fi
-        domains="${domains}('${domain}')"
-      fi
     done
     # Insert only the domain here. The date_added field will be
     # filled with its default value (date_added = current timestamp)
-    sqlite3 "${gravityDBfile}" "INSERT INTO domain_audit (domain) VALUES ${domains};"
+    pihole-FTL sqlite3 "${gravityDBfile}" "INSERT INTO domain_audit (domain) VALUES ${domains};"
 }
 
 clearAudit()
 {
-    sqlite3 "${gravityDBfile}" "DELETE FROM domain_audit;"
+    pihole-FTL sqlite3 "${gravityDBfile}" "DELETE FROM domain_audit;"
 }
 
 SetPrivacyLevel() {
     # Set privacy level. Minimum is 0, maximum is 3
     if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 3 ]; then
-        changeFTLsetting "PRIVACYLEVEL" "${args[2]}"
+        addOrEditKeyValPair "${FTLconf}" "PRIVACYLEVEL" "${args[2]}"
         pihole restartdns reload-lists
     fi
 }
@@ -703,10 +679,25 @@ AddCustomDNSAddress() {
 
     ip="${args[2]}"
     host="${args[3]}"
-	echo "${ip} ${host}" >> "${dnscustomfile}"
+    reload="${args[4]}"
 
-    # Restart dnsmasq to load new custom DNS entries
-    RestartDNS
+    validHost="$(checkDomain "${host}")"
+    if [[ -n "${validHost}" ]]; then
+        if valid_ip "${ip}" || valid_ip6 "${ip}" ; then
+            echo "${ip} ${validHost}" >> "${dnscustomfile}"
+        else
+            echo -e "  ${CROSS} Invalid IP has been passed"
+            exit 1
+        fi
+    else
+        echo "  ${CROSS} Invalid Domain passed!"
+        exit 1
+    fi
+
+    # Restart dnsmasq to load new custom DNS entries only if $reload not false
+    if [[ ! $reload == "false" ]]; then
+        RestartDNS
+    fi
 }
 
 RemoveCustomDNSAddress() {
@@ -714,16 +705,26 @@ RemoveCustomDNSAddress() {
 
     ip="${args[2]}"
     host="${args[3]}"
+    reload="${args[4]}"
 
-    if valid_ip "${ip}" || valid_ip6 "${ip}" ; then
-        sed -i "/${ip} ${host}/d" "${dnscustomfile}"
+    validHost="$(checkDomain "${host}")"
+    if [[ -n "${validHost}" ]]; then
+        if valid_ip "${ip}" || valid_ip6 "${ip}" ; then
+            validHost=$(escapeDots "${validHost}")
+            sed -i "/^${ip} ${validHost}$/Id" "${dnscustomfile}"
+        else
+            echo -e "  ${CROSS} Invalid IP has been passed"
+            exit 1
+        fi
     else
-        echo -e "  ${CROSS} Invalid IP has been passed"
+        echo "  ${CROSS} Invalid Domain passed!"
         exit 1
     fi
 
-    # Restart dnsmasq to update removed custom DNS entries
-    RestartDNS
+    # Restart dnsmasq to load new custom DNS entries only if reload is not false
+    if [[ ! $reload == "false" ]]; then
+        RestartDNS
+    fi
 }
 
 AddCustomCNAMERecord() {
@@ -731,11 +732,30 @@ AddCustomCNAMERecord() {
 
     domain="${args[2]}"
     target="${args[3]}"
+    reload="${args[4]}"
 
-    echo "cname=${domain},${target}" >> "${dnscustomcnamefile}"
-
-    # Restart dnsmasq to load new custom CNAME records
-    RestartDNS
+    validDomain="$(checkDomain "${domain}")"
+    if [[ -n "${validDomain}" ]]; then
+        validTarget="$(checkDomain "${target}")"
+        if [[ -n "${validTarget}" ]]; then
+            if [ "${validDomain}" = "${validTarget}" ]; then
+                echo "  ${CROSS} Domain and target are the same. This would cause a DNS loop."
+                exit 1
+            else
+                echo "cname=${validDomain},${validTarget}" >> "${dnscustomcnamefile}"
+            fi
+        else
+            echo "  ${CROSS} Invalid Target Passed!"
+            exit 1
+        fi
+    else
+        echo "  ${CROSS} Invalid Domain passed!"
+        exit 1
+    fi
+    # Restart dnsmasq to load new custom CNAME records only if reload is not false
+    if [[ ! $reload == "false" ]]; then
+        RestartDNS
+    fi
 }
 
 RemoveCustomCNAMERecord() {
@@ -743,12 +763,15 @@ RemoveCustomCNAMERecord() {
 
     domain="${args[2]}"
     target="${args[3]}"
+    reload="${args[4]}"
 
     validDomain="$(checkDomain "${domain}")"
     if [[ -n "${validDomain}" ]]; then
         validTarget="$(checkDomain "${target}")"
-        if [[ -n "${validDomain}" ]]; then
-            sed -i "/cname=${validDomain},${validTarget}/d" "${dnscustomcnamefile}"
+        if [[ -n "${validTarget}" ]]; then
+            validDomain=$(escapeDots "${validDomain}")
+            validTarget=$(escapeDots "${validTarget}")
+            sed -i "/^cname=${validDomain},${validTarget}$/Id" "${dnscustomcnamefile}"
         else
             echo "  ${CROSS} Invalid Target Passed!"
             exit 1
@@ -758,8 +781,27 @@ RemoveCustomCNAMERecord() {
         exit 1
     fi
 
-    # Restart dnsmasq to update removed custom CNAME records
-    RestartDNS
+    # Restart dnsmasq to update removed custom CNAME records only if $reload not false
+    if [[ ! $reload == "false" ]]; then
+        RestartDNS
+    fi
+}
+
+SetRateLimit() {
+    local rate_limit_count rate_limit_interval reload
+    rate_limit_count="${args[2]}"
+    rate_limit_interval="${args[3]}"
+    reload="${args[4]}"
+
+    # Set rate-limit setting inf valid
+    if [ "${rate_limit_count}" -ge 0 ] && [ "${rate_limit_interval}" -ge 0 ]; then
+        addOrEditKeyValPair "${FTLconf}" "RATE_LIMIT" "${rate_limit_count}/${rate_limit_interval}"
+    fi
+
+    # Restart FTL to update rate-limit settings only if $reload not false
+    if [[ ! $reload == "false" ]]; then
+        RestartDNS
+    fi
 }
 
 main() {
@@ -782,11 +824,8 @@ main() {
         "layout"              ) SetWebUILayout;;
         "theme"               ) SetWebUITheme;;
         "-h" | "--help"       ) helpFunc;;
-        "privacymode"         ) SetPrivacyMode;;
-        "resolve"             ) ResolutionSettings;;
         "addstaticdhcp"       ) AddDHCPStaticAddress;;
         "removestaticdhcp"    ) RemoveDHCPStaticAddress;;
-        "-e" | "email"        ) SetAdminEmail "$3";;
         "-i" | "interface"    ) SetListeningMode "$@";;
         "-t" | "teleporter"   ) Teleporter;;
         "adlist"              ) CustomizeAdLists;;
@@ -797,6 +836,7 @@ main() {
         "removecustomdns"     ) RemoveCustomDNSAddress;;
         "addcustomcname"      ) AddCustomCNAMERecord;;
         "removecustomcname"   ) RemoveCustomCNAMERecord;;
+        "ratelimit"           ) SetRateLimit;;
         *                     ) helpFunc;;
     esac
 

advanced/Scripts/wildcard_regex_converter.sh

@@ -1,28 +0,0 @@
-#!/usr/bin/env bash
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# Provides an automated migration subroutine to convert Pi-hole v3.x wildcard domains to Pi-hole v4.x regex filters
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-# regexFile set in gravity.sh
-
-wildcardFile="/etc/dnsmasq.d/03-pihole-wildcard.conf"
-
-convert_wildcard_to_regex() {
-    if [ ! -f "${wildcardFile}" ]; then
-        return
-    fi
-    local addrlines domains uniquedomains
-    # Obtain wildcard domains from old file
-    addrlines="$(grep -oE "/.*/" ${wildcardFile})"
-    # Strip "/" from domain names and convert "." to regex-compatible "\."
-    domains="$(sed 's/\///g;s/\./\\./g' <<< "${addrlines}")"
-    # Remove repeated domains (may have been inserted two times due to A and AAAA blocking)
-    uniquedomains="$(uniq <<< "${domains}")"
-    # Automatically generate regex filters and remove old wildcards file
-    awk '{print "(^|\\.)"$0"$"}' <<< "${uniquedomains}" >> "${regexFile:?}" && rm "${wildcardFile}"
-}

advanced/Templates/gravity.db.sql

@@ -57,7 +57,7 @@ CREATE TABLE info
 	value TEXT NOT NULL
 );
 
-INSERT INTO "info" VALUES('version','14');
+INSERT INTO "info" VALUES('version','15');
 
 CREATE TABLE domain_audit
 (
@@ -143,12 +143,10 @@ CREATE VIEW vw_gravity AS SELECT domain, adlist_by_group.group_id AS group_id
     LEFT JOIN "group" ON "group".id = adlist_by_group.group_id
     WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1);
 
-CREATE VIEW vw_adlist AS SELECT DISTINCT address, adlist.id AS id
+CREATE VIEW vw_adlist AS SELECT DISTINCT address, id
     FROM adlist
-    LEFT JOIN adlist_by_group ON adlist_by_group.adlist_id = adlist.id
-    LEFT JOIN "group" ON "group".id = adlist_by_group.group_id
-    WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1)
-    ORDER BY adlist.id;
+    WHERE enabled = 1
+    ORDER BY id;
 
 CREATE TRIGGER tr_domainlist_add AFTER INSERT ON domainlist
     BEGIN

advanced/Templates/gravity_copy.sql

@@ -12,14 +12,17 @@ INSERT OR REPLACE INTO "group" SELECT * FROM OLD."group";
 INSERT OR REPLACE INTO domain_audit SELECT * FROM OLD.domain_audit;
 
 INSERT OR REPLACE INTO domainlist SELECT * FROM OLD.domainlist;
+DELETE FROM OLD.domainlist_by_group WHERE domainlist_id NOT IN (SELECT id FROM OLD.domainlist);
 INSERT OR REPLACE INTO domainlist_by_group SELECT * FROM OLD.domainlist_by_group;
 
 INSERT OR REPLACE INTO adlist SELECT * FROM OLD.adlist;
+DELETE FROM OLD.adlist_by_group WHERE adlist_id NOT IN (SELECT id FROM OLD.adlist);
 INSERT OR REPLACE INTO adlist_by_group SELECT * FROM OLD.adlist_by_group;
 
 INSERT OR REPLACE INTO info SELECT * FROM OLD.info;
 
 INSERT OR REPLACE INTO client SELECT * FROM OLD.client;
+DELETE FROM OLD.client_by_group WHERE client_id NOT IN (SELECT id FROM OLD.client);
 INSERT OR REPLACE INTO client_by_group SELECT * FROM OLD.client_by_group;
 
 

advanced/Templates/logrotate

@@ -1,4 +1,4 @@
-/var/log/pihole.log {
+/var/log/pihole/pihole.log {
 	# su #
 	daily
 	copytruncate
@@ -9,7 +9,7 @@
 	nomail
 }
 
-/var/log/pihole-FTL.log {
+/var/log/pihole/FTL.log {
 	# su #
 	weekly
 	copytruncate

advanced/Templates/pihole-FTL-poststop.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env sh
+
+# Source utils.sh for getFTLPIDFile()
+PI_HOLE_SCRIPT_DIR='/opt/pihole'
+utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+# shellcheck disable=SC1090
+. "${utilsfile}"
+
+# Get file paths
+FTL_PID_FILE="$(getFTLPIDFile)"
+
+# Cleanup
+rm -f /run/pihole/FTL.sock /dev/shm/FTL-* "${FTL_PID_FILE}"

advanced/Templates/pihole-FTL-prestart.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env sh
+
+# Source utils.sh for getFTLPIDFile()
+PI_HOLE_SCRIPT_DIR='/opt/pihole'
+utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+# shellcheck disable=SC1090
+. "${utilsfile}"
+
+# Get file paths
+FTL_PID_FILE="$(getFTLPIDFile)"
+
+# Touch files to ensure they exist (create if non-existing, preserve if existing)
+# shellcheck disable=SC2174
+mkdir -pm 0755 /run/pihole /var/log/pihole
+[ -f "${FTL_PID_FILE}" ] || install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}"
+[ -f /var/log/pihole/FTL.log ] || install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/FTL.log
+[ -f /var/log/pihole/pihole.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
+[ -f /etc/pihole/dhcp.leases ] || install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases
+# Ensure that permissions are set so that pihole-FTL can edit all necessary files
+chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases
+# Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
+chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/FTL.log
+chmod -f 0640 /var/log/pihole/pihole.log
+# Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
+chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
+# Chmod database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist
+chmod -f 0664 /etc/pihole/pihole-FTL.db
+
+# Backward compatibility for user-scripts that still expect log files in /var/log instead of /var/log/pihole
+# Should be removed with Pi-hole v6.0
+if [ ! -f /var/log/pihole.log ]; then
+    ln -sf /var/log/pihole/pihole.log /var/log/pihole.log
+    chown -h pihole:pihole /var/log/pihole.log
+fi
+if [ ! -f /var/log/pihole-FTL.log ]; then
+    ln -sf /var/log/pihole/FTL.log /var/log/pihole-FTL.log
+    chown -h pihole:pihole /var/log/pihole-FTL.log
+fi

advanced/Templates/pihole-FTL.conf

@@ -0,0 +1,2 @@
+#; Pi-hole FTL config file
+#; Comments should start with #; to avoid issues with PHP and bash reading this file

advanced/Templates/pihole-FTL.service

@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/usr/bin/env sh
 ### BEGIN INIT INFO
 # Provides:          pihole-FTL
 # Required-Start:    $remote_fs $syslog $network
@@ -9,11 +9,23 @@
 # Description:       Enable service provided by pihole-FTL daemon
 ### END INIT INFO
 
-FTLUSER=pihole
-PIDFILE=/run/pihole-FTL.pid
+# Source utils.sh for getFTLPIDFile(), getFTLPID()
+PI_HOLE_SCRIPT_DIR="/opt/pihole"
+utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+# shellcheck disable=SC1090
+. "${utilsfile}"
+
 
 is_running() {
-    pgrep -o "pihole-FTL" > /dev/null 2>&1
+  if [ -d "/proc/${FTL_PID}" ]; then
+    return 0
+  fi
+  return 1
+}
+
+cleanup() {
+    # Run post-stop script, which does cleanup among runtime files
+    sh "${PI_HOLE_SCRIPT_DIR}/pihole-FTL-poststop.sh"
 }
 
 
@@ -22,28 +34,20 @@ start() {
   if is_running; then
     echo "pihole-FTL is already running"
   else
-    # Touch files to ensure they exist (create if non-existing, preserve if existing)
-    touch /var/log/pihole-FTL.log /var/log/pihole.log
-    touch /run/pihole-FTL.pid /run/pihole-FTL.port
-    touch /etc/pihole/dhcp.leases
-    mkdir -p /run/pihole
-    mkdir -p /var/log/pihole
-    chown pihole:pihole /run/pihole /var/log/pihole
-    # Remove possible leftovers from previous pihole-FTL processes
-    rm -f /dev/shm/FTL-* 2> /dev/null
-    rm /run/pihole/FTL.sock 2> /dev/null
-    # Ensure that permissions are set so that pihole-FTL can edit all necessary files
-    chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port
-    chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases 2> /dev/null
-    chown pihole:pihole /var/log/pihole-FTL.log /var/log/pihole.log
-    chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
-    # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
-    chown pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db 2> /dev/null
-    if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE+eip "$(which pihole-FTL)"; then
-      su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"
+    # Run pre-start script, which pre-creates all expected files with correct permissions
+    sh "${PI_HOLE_SCRIPT_DIR}/pihole-FTL-prestart.sh"
+
+    if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"; then
+      su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole
     else
       echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system"
-      pihole-FTL
+      /usr/bin/pihole-FTL
+    fi
+    rc=$?
+    # Cleanup if startup failed
+    if [ "${rc}" != 0 ]; then
+        cleanup
+        exit $rc
     fi
     echo
   fi
@@ -52,27 +56,27 @@ start() {
 # Stop the service
 stop() {
   if is_running; then
-    pkill -o pihole-FTL
-    for i in {1..5}; do
+    kill "${FTL_PID}"
+    for i in 1 2 3 4 5; do
       if ! is_running; then
         break
       fi
 
-      echo -n "."
+      printf "."
       sleep 1
     done
     echo
 
     if is_running; then
       echo "Not stopped; may still be shutting down or shutdown may have failed, killing now"
-      pkill -o -9 pihole-FTL
-      exit 1
+      kill -9 "${FTL_PID}"
     else
       echo "Stopped"
     fi
   else
     echo "Not running"
   fi
+  cleanup
   echo
 }
 
@@ -89,6 +93,16 @@ status() {
 
 
 ### main logic ###
+
+# catch sudden termination
+trap 'cleanup; exit 1' INT HUP TERM ABRT
+
+# Get FTL's PID file path
+FTL_PID_FILE="$(getFTLPIDFile)"
+
+# Get FTL's current PID
+FTL_PID="$(getFTLPID "${FTL_PID_FILE}")"
+
 case "$1" in
   stop)
         stop
@@ -101,7 +115,7 @@ case "$1" in
         start
         ;;
   *)
-        echo $"Usage: $0 {start|stop|restart|reload|status}"
+        echo "Usage: $0 {start|stop|restart|reload|status}"
         exit 1
 esac
 

advanced/Templates/pihole-FTL.systemd

@@ -0,0 +1,41 @@
+[Unit]
+Description=Pi-hole FTL
+# This unit is supposed to indicate when network functionality is available, but it is only
+# very weakly defined what that is supposed to mean, with one exception: at shutdown, a unit
+# that is ordered after network-online.target will be stopped before the network
+Wants=network-online.target
+After=network-online.target
+# A target that should be used as synchronization point for all host/network name service lookups.
+# All services for which the availability of full host/network name resolution is essential should
+# be ordered after this target, but not pull it in.
+Wants=nss-lookup.target
+Before=nss-lookup.target
+
+# Limit (re)start loop to 5 within 1 minute
+StartLimitBurst=5
+StartLimitIntervalSec=60s
+
+[Service]
+User=pihole
+PermissionsStartOnly=true
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_NICE CAP_IPC_LOCK CAP_CHOWN
+
+ExecStartPre=/opt/pihole/pihole-FTL-prestart.sh
+ExecStart=/usr/bin/pihole-FTL -f
+Restart=on-failure
+RestartSec=5s
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStopPost=/opt/pihole/pihole-FTL-poststop.sh
+
+# Use graceful shutdown with a reasonable timeout
+TimeoutStopSec=10s
+
+# Make /usr, /boot, /etc and possibly some more folders read-only...
+ProtectSystem=full
+# ... except /etc/pihole
+# This merely retains r/w access rights, it does not add any new.
+# Must still be writable on the host!
+ReadWriteDirectories=/etc/pihole
+
+[Install]
+WantedBy=multi-user.target

advanced/Templates/pihole.cron

@@ -18,7 +18,7 @@
 #          early morning. Download any updates from the adlists
 #          Squash output to log, then splat the log to stdout on error to allow for
 #          standard crontab job error handling.
-59 1    * * 7   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log
+59 1    * * 7   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updateGravity >/var/log/pihole/pihole_updateGravity.log || cat /var/log/pihole/pihole_updateGravity.log
 
 # Pi-hole: Flush the log daily at 00:00
 #          The flush script will use logrotate if available
@@ -26,11 +26,8 @@
 #          parameter "quiet": don't print messages
 00 00   * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole flush once quiet
 
-@reboot root /usr/sbin/logrotate /etc/pihole/logrotate
+@reboot root /usr/sbin/logrotate --state /var/lib/logrotate/pihole /etc/pihole/logrotate
 
-# Pi-hole: Grab local version and branch every 10 minutes
-*/10 *  * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker local
-
-# Pi-hole: Grab remote version every 24 hours
-59 17  * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker remote
-@reboot root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker remote reboot
+# Pi-hole: Grab remote and local version every 24 hours
+59 17  * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker
+@reboot root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker reboot

advanced/bash-completion/pihole

@@ -15,7 +15,7 @@ _pihole() {
 			COMPREPLY=( $(compgen -W "${opts_lists}" -- ${cur}) )
 		;;
 		"admin")
-			opts_admin="celsius email fahrenheit interface kelvin password privacylevel"
+			opts_admin="celsius fahrenheit interface kelvin password privacylevel"
 			COMPREPLY=( $(compgen -W "${opts_admin}" -- ${cur}) )
 		;;
 		"checkout")

advanced/blockingpage.css

@@ -1,455 +0,0 @@
-/* Pi-hole: A black hole for Internet advertisements
-*  (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-*  Network-wide ad blocking via your own hardware.
-*
-*  This file is copyright under the latest version of the EUPL.
-*  Please see LICENSE file for your rights under this license. */
-
-/* Text Customisation Options ======> */
-.title::before { content: "Website Blocked"; }
-.altBtn::before { content: "Why am I here?"; }
-.linkPH::before { content: "About Pi-hole"; }
-.linkEmail::before { content: "Contact Admin"; }
-
-#bpOutput.add::before { content: "Info"; }
-#bpOutput.add::after { content: "The domain is being whitelisted..."; }
-#bpOutput.error::before, .unhandled::before { content: "Error"; }
-#bpOutput.unhandled::after { content: "An unhandled exception occurred. This may happen when your browser is unable to load jQuery, or when the webserver is denying access to the Pi-hole API."; }
-#bpOutput.success::before { content: "Success"; }
-#bpOutput.success::after { content: "Website has been whitelisted! You may need to flush your DNS cache"; }
-
-.recentwl::before { content: "This site has been whitelisted. Please flush your DNS cache and/or restart your browser."; }
-.unknown::before { content: "This website is not found in any of Pi-hole's blacklists. The reason you have arrived here is unknown."; }
-.cname::before { content: "This site is an alias for "; } /* <a href="http://cname.com">cname.com</a> */
-.cname::after { content: ", which may be blocked by Pi-hole."; }
-
-.blacklist::before { content: "Manually Blacklisted"; }
-.wildcard::before { content: "Manually Blacklisted by Wildcard"; }
-.noblock::before { content: "Not found on any Blacklist"; }
-
-#bpBlock::before { content: "Access to the following website has been denied:"; }
-#bpFlag::before { content: "This is primarily due to being flagged as:"; }
-
-#bpHelpTxt::before { content: "If you have an ongoing use for this website, please "; }
-#bpHelpTxt a::before, #bpHelpTxt span::before { content: "ask the administrator"; }
-#bpHelpTxt::after{ content: " of the Pi-hole on this network to have it whitelisted"; }
-
-#bpBack::before { content: "Back to safety"; }
-#bpInfo::before { content: "Technical Info"; }
-#bpFoundIn::before { content: "This site is found in "; }
-#bpFoundIn span::after { content: " of "; }
-#bpFoundIn::after { content: " lists:"; }
-#bpWhitelist::before { content: "Whitelist"; }
-
-footer span::before { content: "Page generated on "; }
-
-/* Hide whitelisting form entirely */
-/* #bpWLButtons { display: none; } */
-
-/* Text Customisation Options <=============================== */
-
-/* http://necolas.github.io/normalize.css ======> */
-html { font-family: sans-serif; line-height: 1.15; -ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%; }
-body { margin: 0; }
-article, aside, footer, header, nav, section { display: block; }
-h1 { font-size: 2em; margin: 0.67em 0; }
-figcaption, figure, main { display: block; }
-figure { margin: 1em 40px; }
-hr { box-sizing: content-box; height: 0; overflow: visible; }
-pre { font-family: monospace, monospace; font-size: 1em; }
-a { background-color: transparent; -webkit-text-decoration-skip: objects; }
-a:active, a:hover { outline-width: 0; }
-abbr[title] { border-bottom: none; text-decoration: underline; text-decoration: underline dotted; }
-b, strong { font-weight: inherit; }
-b, strong { font-weight: bolder; }
-code, kbd, samp { font-family: monospace, monospace; font-size: 1em; }
-dfn { font-style: italic; }
-mark { background-color: #ff0; color: #000; }
-small { font-size: 80%; }
-sub, sup { font-size: 75%; line-height: 0; position: relative; vertical-align: baseline; }
-sub { bottom: -0.25em; }
-sup { top: -0.5em; }
-audio, video { display: inline-block; }
-audio:not([controls]) { display: none; height: 0; }
-img { border-style: none; }
-svg:not(:root) { overflow: hidden; }
-button, input, optgroup, select, textarea { font-family: sans-serif; font-size: 100%; line-height: 1.15; margin: 0; }
-button, input { overflow: visible; }
-button, select { text-transform: none; }
-button, html [type="button"], [type="reset"], [type="submit"] { -webkit-appearance: button; }
-button::-moz-focus-inner, [type="button"]::-moz-focus-inner, [type="reset"]::-moz-focus-inner, [type="submit"]::-moz-focus-inner { border-style: none; padding: 0; }
-button:-moz-focusring, [type="button"]:-moz-focusring, [type="reset"]:-moz-focusring, [type="submit"]:-moz-focusring { outline: 1px dotted ButtonText; }
-fieldset { border: 1px solid #c0c0c0; margin: 0 2px; padding: 0.35em 0.625em 0.75em; }
-legend { box-sizing: border-box; color: inherit; display: table; max-width: 100%; padding: 0; white-space: normal; }
-progress { display: inline-block; vertical-align: baseline; }
-textarea { overflow: auto; }
-[type="checkbox"], [type="radio"] { box-sizing: border-box; padding: 0; }
-[type="number"]::-webkit-inner-spin-button, [type="number"]::-webkit-outer-spin-button { height: auto; }
-[type="search"] { -webkit-appearance: textfield; outline-offset: -2px; }
-[type="search"]::-webkit-search-cancel-button, [type="search"]::-webkit-search-decoration { -webkit-appearance: none; }
-::-webkit-file-upload-button { -webkit-appearance: button; font: inherit; }
-details, menu { display: block; }
-summary { display: list-item; }
-canvas { display: inline-block; }
-template { display: none; }
-[hidden] { display: none; }
-/* Normalize.css <=============================== */
-
-html { font-size: 62.5%; }
-
-a { color: #3c8dbc; text-decoration: none; }
-a:hover { color: #72afda; text-decoration: underline; }
-b { color: rgb(68, 68, 68); }
-p { margin: 0; }
-
-label, .buttons a {
-  -webkit-user-select: none;
-  -moz-user-select: none;
-  -ms-user-select: none;
-  user-select: none;
-}
-
-label, .buttons *:not([disabled]) { cursor: pointer; }
-
-/* Touch device dark tap highlight */
-header h1 a, label, .buttons * { -webkit-tap-highlight-color: transparent; }
-
-/* Webkit Focus Glow */
-textarea, input, button { outline: none; }
-
-@font-face {
-  font-family: "Source Sans Pro";
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local("Source Sans Pro Regular"), local("SourceSansPro-Regular"),
-       url("/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-regular.woff2") format("woff2"),
-       url("/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-regular.woff") format("woff");
-}
-
-@font-face {
-  font-family: "Source Sans Pro";
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local("Source Sans Pro Bold"), local("SourceSansPro-Bold"),
-       url("/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-700.woff2") format("woff2"),
-       url("/admin/style/vendor/SourceSansPro/source-sans-pro-v13-latin-700.woff") format("woff");
-}
-
-body {
-  background: #dbdbdb url("/admin/img/boxed-bg.jpg") repeat fixed;
-  color: #333;
-  font: 1.4rem "Source Sans Pro", "Helvetica Neue", Helvetica, Arial, sans-serif;
-  line-height: 2.2rem;
-}
-
-/* User is greeted with a splash page when browsing to Pi-hole IP address */
-#splashpage {
-  background: #222;
-  color: rgba(255, 255, 255, 0.7);
-  text-align: center;
-  width: 100%;
-  height: 100%;
-  display: flex;
-  align-items: center;
-  justify-content: center;
-}
-
-#splashpage img { margin: 5px; width: 256px; }
-#splashpage b { color: inherit; }
-
-#bpWrapper {
-  margin: 0 auto;
-  max-width: 1250px;
-  box-shadow: 0 0 8px rgba(0, 0, 0, 0.5);
-}
-
-header {
-  background: #3c8dbc;
-  display: table;
-  position: relative;
-  width: 100%;
-}
-
-header h1, header h1 a, header .spc, header #bpAlt label {
-  display: table-cell;
-  color: #fff;
-  white-space: nowrap;
-  vertical-align: middle;
-  height: 50px; /* Must match #bpAbout top value */
-}
-
-h1 a {
-  background-color: rgba(0, 0, 0, 0.1);
-  font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
-  font-size: 2rem;
-  font-weight: 400;
-  min-width: 230px;
-  text-align: center;
-}
-
-h1 a:hover, header #bpAlt:hover { background-color: rgba(0, 0, 0, 0.12); color: inherit; text-decoration: none; }
-
-header .spc { width: 100%; }
-
-header #bpAlt label {
-  background: url("/admin/img/logo.svg") no-repeat center left 15px;
-  background-size: 15px 23px;
-  padding: 0 15px;
-  text-indent: 30px;
-}
-
-[type="checkbox"][id$="Toggle"] { display: none; }
-[type="checkbox"][id$="Toggle"]:checked ~ #bpAbout,
-[type="checkbox"][id$="Toggle"]:checked ~ #bpMoreInfo {
-  display: block;
-}
-
-html, body {
-    height: 100%;
-}
-
-#pihole_card {
-    width: 400px;
-    height: auto;
-    max-width: 400px;
-}
-
-    #pihole_card p, #pihole_card a {
-        font-size: 13pt;
-        text-align: center;
-    }
-
-#pihole_logo_splash {
-    height: auto;
-    width: 100%;
-}
-
-/* Click anywhere else on screen to hide #bpAbout */
-#bpAboutToggle:checked {
-  display: block;
-  height: 300px; /* VH Fallback */
-  height: 100vh;
-  left: 0;
-  top: 0;
-  opacity: 0;
-  position: absolute;
-  width: 100%;
-}
-
-#bpAbout {
-  background: #3c8dbc;
-  border-bottom-left-radius: 5px;
-  border: 1px solid #fff;
-  border-right-width: 0;
-  box-shadow: -1px 1px 1px rgba(0, 0, 0, 0.12);
-  box-sizing: border-box;
-  display: none;
-  font-size: 1.7rem;
-  top: 50px;
-  position: absolute;
-  right: 0;
-  width: 280px;
-  z-index: 1;
-}
-
-.aboutPH {
-  box-sizing: border-box;
-  color: rgba(255, 255, 255, 0.8);
-  display: block;
-  padding: 10px;
-  width: 100%;
-  text-align: center;
-}
-
-.aboutImg {
-  background: url("/admin/img/logo.svg") no-repeat center;
-  background-size: 90px 90px;
-  height: 90px;
-  margin: 0 auto;
-  padding: 2px;
-  width: 90px;
-}
-
-.aboutPH p { margin: 10px 0; }
-.aboutPH small { display: block; font-size: 1.2rem; }
-
-.aboutLink {
-  background: #fff;
-  border-top: 1px solid #ddd;
-  display: table;
-  font-size: 1.4rem;
-  text-align: center;
-  width: 100%;
-}
-
-.aboutLink a {
-  display: table-cell;
-  padding: 14px;
-  min-width: 50%;
-}
-
-main {
-  background: #ecf0f5;
-  font-size: 1.65rem;
-  padding: 10px;
-}
-
-#bpOutput {
-  background: #00c0ef;
-  border-radius: 3px;
-  border: 1px solid rgba(0, 0, 0, 0.1);
-  color: #fff;
-  font-size: 1.4rem;
-  margin-bottom: 10px;
-  margin-top: 5px;
-  padding: 15px;
-}
-
-#bpOutput::before {
-  background: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='7' height='14' viewBox='0 0 7 14'%3E%3Cpath fill='%23fff' d='M6 11a1.371 1.371 0 011 1v1a1.371 1.371 0 01-1 1H1a1.371 1.371 0 01-1-1v-1a1.371 1.371 0 011-1h1V8H1a1.371 1.371 0 01-1-1V6a1.371 1.371 0 011-1h3a1.371 1.371 0 011 1v5h1zM3.5 0A1.5 1.5 0 112 1.5 1.5 1.5 0 013.5 0z'/%3E%3C/svg%3E") no-repeat center left;
-  display: block;
-  font-size: 1.8rem;
-  text-indent: 15px;
-}
-
-#bpOutput.hidden { display: none; }
-#bpOutput.success { background: #00a65a; }
-#bpOutput.error { background: #dd4b39; }
-
-.blockMsg, .flagMsg {
-  font: 700 1.8rem Consolas, Courier, monospace;
-  padding: 5px 10px 10px;
-  text-indent: 15px;
-}
-
-#bpHelpTxt { padding-bottom: 10px; }
-
-.buttons {
-  border-spacing: 5px 0;
-  display: table;
-  width: 100%;
-}
-
-.buttons * {
-  -moz-appearance: none;
-  -webkit-appearance: none;
-  border-radius: 3px;
-  border: 1px solid rgba(0, 0, 0, 0.1);
-  box-sizing: content-box;
-  display: table-cell;
-  font-size: 1.65rem;
-  margin-right: 5px;
-  min-height: 20px;
-  padding: 6px 12px;
-  position: relative;
-  text-align: center;
-  vertical-align: top;
-  white-space: nowrap;
-  width: auto;
-}
-
-.buttons a:hover { text-decoration: none; }
-
-/* Button hover dark overlay */
-.buttons *:not(input):not([disabled]):hover {
-  background-image: linear-gradient(to bottom, rgba(0, 0, 0, 0.1), rgba(0, 0, 0, 0.1));
-  color: #fff;
-}
-
-/* Button active shadow inset */
-.buttons *:not([disabled]):not(input):active {
-  box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125);
-}
-
-/* Input border color */
-.buttons *:not([disabled]):hover, .buttons input:focus {
-  border-color: rgba(0, 0, 0, 0.25);
-}
-
-#bpButtons *  { width: 50%; color: #fff; }
-#bpBack       { background-color: #00a65a; }
-#bpInfo       { background-color: #3c8dbc; }
-#bpWhitelist  { background-color: #dd4b39; }
-
-#blockpage .buttons [type="password"][disabled] { color: rgba(0, 0, 0, 1); }
-#blockpage .buttons [disabled] { color: rgba(0, 0, 0, 0.55); background-color: #e3e3e3; }
-#blockpage .buttons [type="password"]:-ms-input-placeholder { color: rgba(51, 51, 51, 0.8); }
-
-input[type="password"] { font-size: 1.5rem; }
-
-@-webkit-keyframes slidein { from { max-height: 0; opacity: 0; } to { max-height: 300px; opacity: 1; } }
-
-@keyframes slidein { from { max-height: 0; opacity: 0; } to { max-height: 300px; opacity: 1; } }
-#bpMoreToggle:checked ~ #bpMoreInfo { display: block; margin-top: 8px; -webkit-animation: slidein 0.05s linear; animation: slidein 0.05s linear; }
-#bpMoreInfo { display: none; margin-top: 10px; }
-
-#bpQueryOutput {
-  font-size: 1.2rem;
-  line-height: 1.65rem;
-  margin: 5px 0 0;
-  overflow: auto;
-  padding: 0 5px;
-  -webkit-overflow-scrolling: touch;
-}
-
-#bpQueryOutput span { margin-right: 4px; }
-
-#bpWLButtons { width: auto; margin-top: 10px; }
-#bpWLButtons * { display: inline-block; }
-#bpWLDomain { display: none; }
-#bpWLPassword { width: 160px; }
-#bpWhitelist { color: #fff; }
-
-footer {
-  background: #fff;
-  border-top: 1px solid #d2d6de;
-  color: #444;
-  font: 1.2rem Consolas, Courier, monospace;
-  padding: 8px;
-}
-
-/* Responsive Content */
-@media only screen and (max-width: 500px) {
-  h1 a {
-        font-size: 1.8rem;
-        min-width: 170px;
-    }
-
-    footer span::before {
-        content: "Generated ";
-    }
-
-    footer span {
-        display: block;
-    }
-}
-
-@media only screen and (min-width: 1251px) {
-  #bpWrapper, footer {
-        border-radius: 0 0 5px 5px;
-    }
-
-    #bpAbout {
-        border-right-width: 1px;
-    }
-}
-
-@media only screen and (max-width: 400px) {
-    #pihole_card {
-        width: 100%;
-        height: auto;
-    }
-
-        #pihole_card p, #pihole_card a {
-            font-size: 100%;
-        }
-}
-
-@media only screen and (max-width: 256px) {
-    #pihole_logo_splash {
-        width: 90% !important;
-        height: auto;
-    }
-}

advanced/cmdline.txt

@@ -1 +0,0 @@
-dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait fbcon=map:10 fbcon=font:VGA8x8 consoleblank=0

advanced/console-setup

@@ -1,17 +0,0 @@
-# CONFIGURATION FILE FOR SETUPCON
-
-# Consult the console-setup(5) manual page.
-
-ACTIVE_CONSOLES="/dev/tty[1-6]"
-
-CHARMAP="UTF-8"
-
-# For best results with the Adafruit 2.8 LCD and Pi-hole's chronometer
-CODESET="guess"
-FONTFACE="Terminus"
-FONTSIZE="10x20"
-
-VIDEOMODE=
-
-# The following is an example how to use a braille font
-# FONT='lat9w-08.psf.gz brl-8x8.psf'

advanced/dnsmasq.conf.original

@@ -507,7 +507,7 @@
 # (using /etc/hosts) then that name can be specified as the
 # tftp_servername (the third option to dhcp-boot) and in that
 # case dnsmasq resolves this name and returns the resultant IP
-# addresses in round robin fasion. This facility can be used to
+# addresses in round robin fashion. This facility can be used to
 # load balance the tftp load among a set of servers.
 #dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
 

advanced/index.php

@@ -1,395 +0,0 @@
-<?php
-/* Pi-hole: A black hole for Internet advertisements
-*  (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-*  Network-wide ad blocking via your own hardware.
-*
-*  This file is copyright under the latest version of the EUPL.
-*  Please see LICENSE file for your rights under this license. */
-
-// Sanitize SERVER_NAME output
-$serverName = htmlspecialchars($_SERVER["SERVER_NAME"]);
-// Remove external ipv6 brackets if any
-$serverName = preg_replace('/^\[(.*)\]$/', '${1}', $serverName);
-
-if (!is_file("/etc/pihole/setupVars.conf"))
-  die("[ERROR] File not found: <code>/etc/pihole/setupVars.conf</code>");
-
-// Get values from setupVars.conf
-$setupVars = parse_ini_file("/etc/pihole/setupVars.conf");
-$svPasswd = !empty($setupVars["WEBPASSWORD"]);
-$svEmail = (!empty($setupVars["ADMIN_EMAIL"]) && filter_var($setupVars["ADMIN_EMAIL"], FILTER_VALIDATE_EMAIL)) ? $setupVars["ADMIN_EMAIL"] : "";
-unset($setupVars);
-
-// Set landing page location, found within /var/www/html/
-$landPage = "../landing.php";
-
-// Define array for hostnames to be accepted as self address for splash page
-$authorizedHosts = [ "localhost" ];
-if (!empty($_SERVER["FQDN"])) {
-    // If setenv.add-environment = ("fqdn" => "true") is configured in lighttpd,
-    // append $serverName to $authorizedHosts
-    array_push($authorizedHosts, $serverName);
-} else if (!empty($_SERVER["VIRTUAL_HOST"])) {
-    // Append virtual hostname to $authorizedHosts
-    array_push($authorizedHosts, $_SERVER["VIRTUAL_HOST"]);
-}
-
-// Set which extension types render as Block Page (Including "" for index.ext)
-$validExtTypes = array("asp", "htm", "html", "php", "rss", "xml", "");
-
-// Get extension of current URL
-$currentUrlExt = pathinfo($_SERVER["REQUEST_URI"], PATHINFO_EXTENSION);
-
-// Set mobile friendly viewport
-$viewPort = '<meta name="viewport" content="width=device-width, initial-scale=1">';
-
-// Set response header
-function setHeader($type = "x") {
-    header("X-Pi-hole: A black hole for Internet advertisements.");
-    if (isset($type) && $type === "js") header("Content-Type: application/javascript");
-}
-
-// Determine block page type
-if ($serverName === "pi.hole"
-    || (!empty($_SERVER["VIRTUAL_HOST"]) && $serverName === $_SERVER["VIRTUAL_HOST"])) {
-    // Redirect to Web Interface
-    exit(header("Location: /admin"));
-} elseif (filter_var($serverName, FILTER_VALIDATE_IP) || in_array($serverName, $authorizedHosts)) {
-    // When directly browsing via IP or authorized hostname
-    // Render splash/landing page based off presence of $landPage file
-    // Unset variables so as to not be included in $landPage or $splashPage
-    unset($svPasswd, $svEmail, $authorizedHosts, $validExtTypes, $currentUrlExt);
-    // If $landPage file is present
-    if (is_file(getcwd()."/$landPage")) {
-        unset($serverName, $viewPort); // unset extra variables not to be included in $landpage
-        include $landPage;
-        exit();
-    }
-    // If $landPage file was not present, Set Splash Page output
-    $splashPage = <<<EOT
-    <!doctype html>
-    <html lang='en'>
-        <head>
-            <meta charset='utf-8'>
-            $viewPort
-            <title>● $serverName</title>
-            <link rel='stylesheet' href='pihole/blockingpage.css'>
-            <link rel='shortcut icon' href='admin/img/favicons/favicon.ico' type='image/x-icon'>
-        </head>
-        <body id='splashpage'>
-            <div id="pihole_card">
-              <img src='admin/img/logo.svg' alt='Pi-hole logo id="pihole_logo_splash" />
-              <p>Pi-<strong>hole</strong>: Your black hole for Internet advertisements</p>
-              <a href='/admin'>Did you mean to go to the admin panel?</a>
-            </div>
-        </body>
-    </html>
-EOT;
-    exit($splashPage);
-} elseif ($currentUrlExt === "js") {
-    // Serve Pi-hole JavaScript for blocked domains requesting JS
-    exit(setHeader("js").'var x = "Pi-hole: A black hole for Internet advertisements."');
-} elseif (strpos($_SERVER["REQUEST_URI"], "?") !== FALSE && isset($_SERVER["HTTP_REFERER"])) {
-    // Serve blank image upon receiving REQUEST_URI w/ query string & HTTP_REFERRER
-    // e.g: An iframe of a blocked domain
-    exit(setHeader().'<!doctype html>
-    <html lang="en">
-        <head>
-            <meta charset="utf-8"><script>window.close();</script>
-        </head>
-        <body>
-            <img src="data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=">
-        </body>
-    </html>');
-} elseif (!in_array($currentUrlExt, $validExtTypes) || substr_count($_SERVER["REQUEST_URI"], "?")) {
-    // Serve SVG upon receiving non $validExtTypes URL extension or query string
-    // e.g: Not an iframe of a blocked domain, such as when browsing to a file/query directly
-    // QoL addition: Allow the SVG to be clicked on in order to quickly show the full Block Page
-    $blockImg = '<a href="/">
-    <svg xmlns="http://www.w3.org/2000/svg" width="110" height="16">
-      <circle cx="8" cy="8" r="7" fill="none" stroke="rgba(152,2,2,.5)" stroke-width="2"/>
-      <path fill="rgba(152,2,2,.5)" d="M11.526 3.04l1.414 1.415-8.485 8.485-1.414-1.414z"/>
-      <text x="19.3" y="12" opacity=".3" style="font:11px Arial">
-        Blocked by Pi-hole
-      </text>
-    </svg>
-    </a>';
-    exit(setHeader()."<!doctype html>
-    <html lang='en'>
-        <head>
-            <meta charset='utf-8'>
-            $viewPort
-        </head>
-        <body>$blockImg</body>
-    </html>");
-}
-
-/* Start processing Block Page from here */
-
-// Define admin email address text based off $svEmail presence
-$bpAskAdmin = !empty($svEmail) ? '<a href="mailto:'.$svEmail.'?subject=Site Blocked: '.$serverName.'"></a>' : "<span/>";
-
-// Get possible non-standard location of FTL's database
-$FTLsettings = parse_ini_file("/etc/pihole/pihole-FTL.conf");
-if (isset($FTLsettings["GRAVITYDB"])) {
-    $gravityDBFile = $FTLsettings["GRAVITYDB"];
-} else {
-    $gravityDBFile = "/etc/pihole/gravity.db";
-}
-
-// Connect to gravity.db
-try {
-    $db = new SQLite3($gravityDBFile, SQLITE3_OPEN_READONLY);
-} catch (Exception $exception) {
-    die("[ERROR]: Failed to connect to gravity.db");
-}
-
-// Get all adlist addresses
-$adlistResults = $db->query("SELECT address FROM vw_adlist");
-$adlistsUrls = array();
-while ($row = $adlistResults->fetchArray()) {
-    array_push($adlistsUrls, $row[0]);
-}
-
-if (empty($adlistsUrls))
-    die("[ERROR]: There are no adlists enabled");
-
-// Get total number of blocklists (Including Whitelist, Blacklist & Wildcard lists)
-$adlistsCount = count($adlistsUrls) + 3;
-
-// Set query timeout
-ini_set("default_socket_timeout", 3);
-
-// Logic for querying blocklists
-function queryAds($serverName) {
-    // Determine the time it takes while querying adlists
-    $preQueryTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"];
-    $queryAdsURL = sprintf(
-        "http://127.0.0.1:%s/admin/scripts/pi-hole/php/queryads.php?domain=%s&bp",
-        $_SERVER["SERVER_PORT"],
-        $serverName
-    );
-    $queryAds = file($queryAdsURL, FILE_IGNORE_NEW_LINES);
-    $queryAds = array_values(array_filter(preg_replace("/data:\s+/", "", $queryAds)));
-    $queryTime = sprintf("%.0f", (microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"]) - $preQueryTime);
-
-    // Exception Handling
-    try {
-        // Define Exceptions
-        if (strpos($queryAds[0], "No exact results") !== FALSE) {
-            // Return "none" into $queryAds array
-            return array("0" => "none");
-        } else if ($queryTime >= ini_get("default_socket_timeout")) {
-            // Connection Timeout
-            throw new Exception ("Connection timeout (".ini_get("default_socket_timeout")."s)");
-        } elseif (!strpos($queryAds[0], ".") !== false) {
-            // Unknown $queryAds output
-            throw new Exception ("Unhandled error message (<code>$queryAds[0]</code>)");
-        }
-        return $queryAds;
-    } catch (Exception $e) {
-        // Return exception as array
-        return array("0" => "error", "1" => $e->getMessage());
-    }
-}
-
-// Get results of queryads.php exact search
-$queryAds = queryAds($serverName);
-
-// Pass error through to Block Page
-if ($queryAds[0] === "error")
-    die("[ERROR]: Unable to parse results from <i>queryads.php</i>: <code>".$queryAds[1]."</code>");
-
-// Count total number of matching blocklists
-$featuredTotal = count($queryAds);
-
-// Place results into key => value array
-$queryResults = null;
-foreach ($queryAds as $str) {
-    $value = explode(" ", $str);
-    @$queryResults[$value[0]] .= "$value[1]";
-}
-
-// Determine if domain has been blacklisted, whitelisted, wildcarded or CNAME blocked
-if (strpos($queryAds[0], "blacklist") !== FALSE) {
-    $notableFlagClass = "blacklist";
-    $adlistsUrls = array("π" => substr($queryAds[0], 2));
-} elseif (strpos($queryAds[0], "whitelist") !== FALSE) {
-    $notableFlagClass = "noblock";
-    $adlistsUrls = array("π" => substr($queryAds[0], 2));
-    $wlInfo = "recentwl";
-} elseif (strpos($queryAds[0], "wildcard") !== FALSE) {
-    $notableFlagClass = "wildcard";
-    $adlistsUrls = array("π" => substr($queryAds[0], 2));
-} elseif ($queryAds[0] === "none") {
-    $featuredTotal = "0";
-    $notableFlagClass = "noblock";
-
-    // QoL addition: Determine appropriate info message if CNAME exists
-    // Suggests to the user that $serverName has a CNAME (alias) that may be blocked
-    $dnsRecord = dns_get_record("$serverName")[0];
-    if (array_key_exists("target", $dnsRecord)) {
-        $wlInfo = $dnsRecord['target'];
-    } else {
-        $wlInfo = "unknown";
-    }
-}
-
-// Set #bpOutput notification
-$wlOutputClass = (isset($wlInfo) && $wlInfo === "recentwl") ? $wlInfo : "hidden";
-$wlOutput = (isset($wlInfo) && $wlInfo !== "recentwl") ? "<a href='http://$wlInfo'>$wlInfo</a>" : "";
-
-// Get Pi-hole Core version
-$phVersion = exec("cd /etc/.pihole/ && git describe --long --tags");
-
-// Print $execTime on development branches
-// Testing for - is marginally faster than "git rev-parse --abbrev-ref HEAD"
-if (explode("-", $phVersion)[1] != "0")
-  $execTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"];
-
-// Please Note: Text is added via CSS to allow an admin to provide a localized
-// language without the need to edit this file
-
-setHeader();
-?>
-<!doctype html>
-<!-- Pi-hole: A black hole for Internet advertisements
-*  (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-*  Network-wide ad blocking via your own hardware.
-*
-*  This file is copyright under the latest version of the EUPL. -->
-<html>
-<head>
-  <meta charset="utf-8">
-  <?=$viewPort ?>
-  <meta name="robots" content="noindex,nofollow">
-  <meta http-equiv="x-dns-prefetch-control" content="off">
-  <link rel="stylesheet" href="pihole/blockingpage.css">
-  <link rel="shortcut icon" href="admin/img/favicons/favicon.ico" type="image/x-icon">
-  <title>● <?=$serverName ?></title>
-  <script src="admin/scripts/vendor/jquery.min.js"></script>
-  <script>
-    window.onload = function () {
-      <?php
-      // Remove href fallback from "Back to safety" button
-      if ($featuredTotal > 0) {
-        echo '$("#bpBack").removeAttr("href");';
-
-        // Enable whitelisting if JS is available
-        echo '$("#bpWhitelist").prop("disabled", false);';
-
-        // Enable password input if necessary
-        if (!empty($svPasswd)) {
-          echo '$("#bpWLPassword").attr("placeholder", "Password");';
-          echo '$("#bpWLPassword").prop("disabled", false);';
-        }
-        // Otherwise hide the input
-        else {
-          echo '$("#bpWLPassword").hide();';
-        }
-      }
-      ?>
-    }
-  </script>
-</head>
-<body id="blockpage"><div id="bpWrapper">
-<header>
-  <h1 id="bpTitle">
-    <a class="title" href="/"><?php //Website Blocked ?></a>
-  </h1>
-  <div class="spc"></div>
-
-  <input id="bpAboutToggle" type="checkbox">
-  <div id="bpAbout">
-    <div class="aboutPH">
-      <div class="aboutImg"></div>
-      <p>Open Source Ad Blocker
-        <small>Designed for Raspberry Pi</small>
-      </p>
-    </div>
-    <div class="aboutLink">
-      <a class="linkPH" href="https://docs.pi-hole.net/"><?php //About PH ?></a>
-      <?php if (!empty($svEmail)) echo '<a class="linkEmail" href="mailto:'.$svEmail.'"></a>'; ?>
-    </div>
-  </div>
-
-  <div id="bpAlt">
-    <label class="altBtn" for="bpAboutToggle"><?php //Why am I here? ?></label>
-  </div>
-</header>
-
-<main>
-  <div id="bpOutput" class="<?=$wlOutputClass ?>"><?=$wlOutput ?></div>
-  <div id="bpBlock">
-    <p class="blockMsg"><?=$serverName ?></p>
-  </div>
-  <?php if(isset($notableFlagClass)) { ?>
-    <div id="bpFlag">
-        <p class="flagMsg <?=$notableFlagClass ?>"></p>
-    </div>
-  <?php } ?>
-  <div id="bpHelpTxt"><?=$bpAskAdmin ?></div>
-  <div id="bpButtons" class="buttons">
-    <a id="bpBack" onclick="javascript:history.back()" href="about:home"></a>
-    <?php if ($featuredTotal > 0) echo '<label id="bpInfo" for="bpMoreToggle"></label>'; ?>
-  </div>
-  <input id="bpMoreToggle" type="checkbox">
-  <div id="bpMoreInfo">
-    <span id="bpFoundIn"><span><?=$featuredTotal ?></span><?=$adlistsCount ?></span>
-    <pre id='bpQueryOutput'><?php if ($featuredTotal > 0) foreach ($queryResults as $num => $value) { echo "<span>[$num]:</span>$adlistsUrls[$num]\n"; } ?></pre>
-
-    <form id="bpWLButtons" class="buttons">
-      <input id="bpWLDomain" type="text" value="<?=$serverName ?>" disabled>
-      <input id="bpWLPassword" type="password" placeholder="JavaScript disabled" disabled>
-      <button id="bpWhitelist" type="button" disabled></button>
-    </form>
-  </div>
-</main>
-
-<footer><span><?=date("l g:i A, F dS"); ?>.</span> Pi-hole <?=$phVersion ?> (<?=gethostname()."/".$_SERVER["SERVER_ADDR"]; if (isset($execTime)) printf("/%.2fs", $execTime); ?>)</footer>
-</div>
-
-<script>
-  function add() {
-    $("#bpOutput").removeClass("hidden error exception");
-    $("#bpOutput").addClass("add");
-    var domain = "<?=$serverName ?>";
-    var pw = $("#bpWLPassword");
-    if(domain.length === 0) {
-      return;
-    }
-    $.ajax({
-      url: "/admin/scripts/pi-hole/php/add.php",
-      method: "post",
-      data: {"domain":domain, "list":"white", "pw":pw.val()},
-      success: function(response) {
-        if(response.indexOf("Pi-hole blocking") !== -1) {
-          setTimeout(function(){window.location.reload(1);}, 10000);
-          $("#bpOutput").removeClass("add");
-          $("#bpOutput").addClass("success");
-          $("#bpOutput").html("");
-        } else {
-          $("#bpOutput").removeClass("add");
-          $("#bpOutput").addClass("error");
-          $("#bpOutput").html(""+response+"");
-        }
-      },
-      error: function(jqXHR, exception) {
-        $("#bpOutput").removeClass("add");
-        $("#bpOutput").addClass("exception");
-        $("#bpOutput").html("");
-      }
-    });
-  }
-  <?php if ($featuredTotal > 0) { ?>
-    $(document).keypress(function(e) {
-        if(e.which === 13 && $("#bpWLPassword").is(":focus")) {
-            add();
-        }
-    });
-    $("#bpWhitelist").on("click", function() {
-        add();
-    });
-  <?php } ?>
-</script>
-</body></html>

advanced/lighttpd.conf.debian

@@ -7,60 +7,44 @@
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 
-###############################################################################
-#     FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE.     #
-# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
-#                                                                             #
-#              CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE:              #
-#                         /etc/lighttpd/external.conf                         #
-###############################################################################
+###################################################################################################
+#   IF THIS HEADER EXISTS, THE FILE WILL BE OVERWRITTEN BY PI-HOLE'S UPDATE PROCEDURE.            #
+#   ANY CHANGES MADE TO THIS FILE WILL BE LOST ON THE NEXT UPDATE UNLESS YOU REMOVE THIS HEADER   #
+#                                                                                                 #
+#   ENSURE THAT YOU DO NOT REMOVE THE REQUIRED LINE:                                              #
+#                                                                                                 #
+#   include "/etc/lighttpd/conf-enabled/*.conf"                                                   #
+#                                                                                                 #
+###################################################################################################
 
 server.modules = (
     "mod_access",
-    "mod_accesslog",
     "mod_auth",
     "mod_expire",
-    "mod_compress",
     "mod_redirect",
     "mod_setenv",
     "mod_rewrite"
 )
 
 server.document-root        = "/var/www/html"
-server.error-handler-404    = "/pihole/index.php"
 server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
-server.errorlog             = "/var/log/lighttpd/error.log"
+server.errorlog             = "/var/log/lighttpd/error-pihole.log"
 server.pid-file             = "/run/lighttpd.pid"
 server.username             = "www-data"
 server.groupname            = "www-data"
+# For lighttpd version 1.4.46 or above, the port can be overwritten in `/etc/lighttpd/external.conf` using the := operator
+# e.g. server.port := 8000
 server.port                 = 80
-accesslog.filename          = "/var/log/lighttpd/access.log"
-accesslog.format            = "%{%s}t|%V|%r|%s|%b"
+
+# Allow streaming response
+# reference: https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_stream-response-bodyDetails
+server.stream-response-body = 1
+#ssl.read-ahead              = "disable"
 
 index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
 url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 
-compress.cache-dir = "/var/cache/lighttpd/compress/"
-compress.filetype  = (
-    "application/json",
-    "application/vnd.ms-fontobject",
-    "application/xml",
-    "font/eot",
-    "font/opentype",
-    "font/otf",
-    "font/ttf",
-    "image/bmp",
-    "image/svg+xml",
-    "image/vnd.microsoft.icon",
-    "image/x-icon",
-    "text/css",
-    "text/html",
-    "text/javascript",
-    "text/plain",
-    "text/xml"
-)
-
 mimetype.assign = (
     ".ico"   => "image/x-icon",
     ".jpeg"  => "image/jpeg",
@@ -81,35 +65,9 @@ mimetype.assign = (
     ".woff2" => "font/woff2"
 )
 
-# Add user chosen options held in external file
-# This uses include_shell instead of an include wildcard for compatibility
-include_shell "cat external.conf 2>/dev/null"
+# Add user chosen options held in (optional) external file
+include "external*.conf"
 
 # default listening port for IPv6 falls back to the IPv4 port
 include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
-
-# Prevent Lighttpd from enabling Let's Encrypt SSL for every blocked domain
-#include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
-include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include \"%p\"\n' 2>/dev/null"
-
-# If the URL starts with /admin, it is the Web interface
-$HTTP["url"] =~ "^/admin/" {
-    # Create a response header for debugging using curl -I
-    setenv.add-response-header = (
-        "X-Pi-hole" => "The Pi-hole Web interface is working!",
-        "X-Frame-Options" => "DENY"
-    )
-
-    $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" {
-        # Allow Block Page access to local fonts
-        setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
-    }
-}
-
-# Block . files from being served, such as .git, .github, .gitignore
-$HTTP["url"] =~ "^/admin/\.(.*)" {
-    url.access-deny = ("")
-}
-
-# Default expire header
-expire.url = ( "" => "access plus 0 seconds" )
+include "/etc/lighttpd/conf-enabled/*.conf"

advanced/lighttpd.conf.fedora

@@ -7,13 +7,15 @@
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 
-###############################################################################
-#     FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE.     #
-# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
-#                                                                             #
-#              CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE:              #
-#                         /etc/lighttpd/external.conf                         #
-###############################################################################
+###################################################################################################
+#   IF THIS HEADER EXISTS, THE FILE WILL BE OVERWRITTEN BY PI-HOLE'S UPDATE PROCEDURE.            #
+#   ANY CHANGES MADE TO THIS FILE WILL BE LOST ON THE NEXT UPDATE UNLESS YOU REMOVE THIS HEADER   #
+#                                                                                                 #
+#   ENSURE THAT YOU DO NOT REMOVE THE REQUIRED LINE:                                              #
+#                                                                                                 #
+#   include "/etc/lighttpd/conf.d/pihole-admin.conf"                                              #
+#                                                                                                 #
+###################################################################################################
 
 server.modules = (
     "mod_access",
@@ -21,47 +23,30 @@ server.modules = (
     "mod_expire",
     "mod_fastcgi",
     "mod_accesslog",
-    "mod_compress",
     "mod_redirect",
     "mod_setenv",
     "mod_rewrite"
 )
 
 server.document-root        = "/var/www/html"
-server.error-handler-404    = "/pihole/index.php"
 server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
-server.errorlog             = "/var/log/lighttpd/error.log"
+server.errorlog             = "/var/log/lighttpd/error-pihole.log"
 server.pid-file             = "/run/lighttpd.pid"
 server.username             = "lighttpd"
 server.groupname            = "lighttpd"
+# For lighttpd version 1.4.46 or above, the port can be overwritten in `/etc/lighttpd/external.conf` using the := operator
+# e.g. server.port := 8000
 server.port                 = 80
-accesslog.filename          = "/var/log/lighttpd/access.log"
-accesslog.format            = "%{%s}t|%V|%r|%s|%b"
+
+# Allow streaming response
+# reference: https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_stream-response-bodyDetails
+server.stream-response-body = 1
+#ssl.read-ahead              = "disable"
 
 index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
 url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 
-compress.cache-dir = "/var/cache/lighttpd/compress/"
-compress.filetype  = (
-    "application/json",
-    "application/vnd.ms-fontobject",
-    "application/xml",
-    "font/eot",
-    "font/opentype",
-    "font/otf",
-    "font/ttf",
-    "image/bmp",
-    "image/svg+xml",
-    "image/vnd.microsoft.icon",
-    "image/x-icon",
-    "text/css",
-    "text/html",
-    "text/javascript",
-    "text/plain",
-    "text/xml"
-)
-
 mimetype.assign = (
     ".ico"   => "image/x-icon",
     ".jpeg"  => "image/jpeg",
@@ -82,9 +67,8 @@ mimetype.assign = (
     ".woff2" => "font/woff2"
 )
 
-# Add user chosen options held in external file
-# This uses include_shell instead of an include wildcard for compatibility
-include_shell "cat external.conf 2>/dev/null"
+# Add user chosen options held in (optional) external file
+include "external*.conf"
 
 # default listening port for IPv6 falls back to the IPv4 port
 #include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
@@ -100,24 +84,4 @@ fastcgi.server = (
     )
 )
 
-# If the URL starts with /admin, it is the Web interface
-$HTTP["url"] =~ "^/admin/" {
-    # Create a response header for debugging using curl -I
-    setenv.add-response-header = (
-        "X-Pi-hole" => "The Pi-hole Web interface is working!",
-        "X-Frame-Options" => "DENY"
-    )
-
-    $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" {
-        # Allow Block Page access to local fonts
-        setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
-    }
-}
-
-# Block . files from being served, such as .git, .github, .gitignore
-$HTTP["url"] =~ "^/admin/\.(.*)" {
-    url.access-deny = ("")
-}
-
-# Default expire header
-expire.url = ( "" => "access plus 0 seconds" )
+include "/etc/lighttpd/conf.d/pihole-admin.conf"

advanced/pihole-admin.conf

@@ -0,0 +1,82 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
+# Network-wide ad blocking via your own hardware.
+#
+# Lighttpd config for Pi-hole
+#
+# This file is copyright under the latest version of the EUPL.
+# Please see LICENSE file for your rights under this license.
+
+###############################################################################
+#     FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE.     #
+# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
+###############################################################################
+
+server.errorlog := "/var/log/lighttpd/error-pihole.log"
+
+$HTTP["url"] =~ "^/admin/" {
+    server.document-root = "/var/www/html"
+    server.stream-response-body = 1
+    accesslog.filename = "/var/log/lighttpd/access-pihole.log"
+    accesslog.format = "%{%s}t|%h|%V|%r|%s|%b"
+
+    fastcgi.server = (
+        ".php" => (
+            "localhost" => (
+                "socket" => "/run/lighttpd/pihole-php-fastcgi.socket",
+                "bin-path" => "/usr/bin/php-cgi",
+                "min-procs" => 1,
+                "max-procs" => 1,
+                "bin-environment" => (
+                    "PHP_FCGI_CHILDREN" => "4",
+                    "PHP_FCGI_MAX_REQUESTS" => "10000",
+                ),
+                "bin-copy-environment" => (
+                    "PATH", "SHELL", "USER"
+                ),
+                "broken-scriptfilename" => "enable",
+            )
+        )
+    )
+
+    # X-Pi-hole is a response header for debugging using curl -I
+    # X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >.
+    # X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input. (deprecated; disabled)
+    # X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code.
+    # Content-Security-Policy tells the browser where resources are allowed to be loaded and if it’s allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS).
+    # X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
+    # Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all.
+    setenv.add-response-header = (
+        "X-Pi-hole" => "The Pi-hole Web interface is working!",
+        "X-Frame-Options" => "DENY",
+        "X-XSS-Protection" => "0",
+        "X-Content-Type-Options" => "nosniff",
+        "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
+        "X-Permitted-Cross-Domain-Policies" => "none",
+        "Referrer-Policy" => "same-origin"
+    )
+
+    # Block . files from being served, such as .git, .github, .gitignore
+    $HTTP["url"] =~ "^/admin/\." {
+        url.access-deny = ("")
+    }
+
+    # allow teleporter and API qr code iframe on settings page
+    $HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
+        $HTTP["referer"] =~ "/admin/settings\.php" {
+            setenv.set-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
+        }
+    }
+}
+else $HTTP["url"] == "/admin" {
+    url.redirect = ("" => "/admin/")
+}
+
+$HTTP["host"] == "pi.hole" {
+    $HTTP["url"] == "/" {
+        url.redirect = ("" => "/admin/")
+    }
+}
+
+# (keep this on one line for basic-install.sh filtering during install)
+server.modules += ( "mod_access", "mod_accesslog", "mod_redirect", "mod_fastcgi", "mod_setenv" )

automated install/uninstall.sh

@@ -11,10 +11,9 @@
 source "/opt/pihole/COL_TABLE"
 
 while true; do
-    read -rp "  ${QST} Are you sure you would like to remove ${COL_WHITE}Pi-hole${COL_NC}? [y/N] " yn
-    case ${yn} in
+    read -rp "  ${QST} Are you sure you would like to remove ${COL_WHITE}Pi-hole${COL_NC}? [y/N] " answer
+    case ${answer} in
         [Yy]* ) break;;
-        [Nn]* ) echo -e "${OVER}  ${COL_LIGHT_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;;
         * ) echo -e "${OVER}  ${COL_LIGHT_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;;
     esac
 done
@@ -37,16 +36,16 @@ else
 fi
 
 readonly PI_HOLE_FILES_DIR="/etc/.pihole"
-PH_TEST="true"
+SKIP_INSTALL="true"
 source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
 # setupVars set in basic-install.sh
 source "${setupVars}"
 
-# distro_check() sourced from basic-install.sh
-distro_check
+# package_manager_detect() sourced from basic-install.sh
+package_manager_detect
 
-# Install packages used by the Pi-hole
-DEPS=("${INSTALLER_DEPS[@]}" "${PIHOLE_DEPS[@]}")
+# Uninstall packages used by the Pi-hole
+DEPS=("${INSTALLER_DEPS[@]}" "${PIHOLE_DEPS[@]}" "${OS_CHECK_DEPS[@]}")
 if [[ "${INSTALL_WEB_SERVER}" == true ]]; then
     # Install the Web dependencies
     DEPS+=("${PIHOLE_WEB_DEPS[@]}")
@@ -76,8 +75,8 @@ removeAndPurge() {
     for i in "${DEPS[@]}"; do
         if package_check "${i}" > /dev/null; then
             while true; do
-                read -rp "  ${QST} Do you wish to remove ${COL_WHITE}${i}${COL_NC} from your system? [Y/N] " yn
-                case ${yn} in
+                read -rp "  ${QST} Do you wish to remove ${COL_WHITE}${i}${COL_NC} from your system? [Y/N] " answer
+                case ${answer} in
                     [Yy]* )
                         echo -ne "  ${INFO} Removing ${i}...";
                         ${SUDO} "${PKG_REMOVE[@]}" "${i}" &> /dev/null;
@@ -113,7 +112,7 @@ removeNoPurge() {
         fi
     fi
     echo -e "${OVER}  ${TICK} Removed Web Interface"
- 
+
     # Attempt to preserve backwards compatibility with older versions
     # to guarantee no additional changes were made to /etc/crontab after
     # the installation of pihole, /etc/crontab.pihole should be permanently
@@ -132,6 +131,7 @@ removeNoPurge() {
     fi
 
     if package_check lighttpd > /dev/null; then
+        # Attempt to preserve backwards compatibility with older versions
         if [[ -f /etc/lighttpd/lighttpd.conf.orig ]]; then
             ${SUDO} mv /etc/lighttpd/lighttpd.conf.orig /etc/lighttpd/lighttpd.conf
         fi
@@ -140,12 +140,37 @@ removeNoPurge() {
             ${SUDO} rm /etc/lighttpd/external.conf
         fi
 
+        # Fedora-based
+        if [[ -f /etc/lighttpd/conf.d/pihole-admin.conf ]]; then
+            ${SUDO} rm /etc/lighttpd/conf.d/pihole-admin.conf
+            conf=/etc/lighttpd/lighttpd.conf
+            tconf=/tmp/lighttpd.conf.$$
+            if awk '!/^include "\/etc\/lighttpd\/conf\.d\/pihole-admin\.conf"$/{print}' \
+              $conf > $tconf && mv $tconf $conf; then
+                :
+            else
+                rm $tconf
+            fi
+            ${SUDO} chown root:root $conf
+            ${SUDO} chmod 644 $conf
+        fi
+
+        # Debian-based
+        if [[ -f /etc/lighttpd/conf-available/pihole-admin.conf ]]; then
+            if is_command lighty-disable-mod ; then
+                ${SUDO} lighty-disable-mod pihole-admin > /dev/null || true
+            fi
+            ${SUDO} rm /etc/lighttpd/conf-available/15-pihole-admin.conf
+        fi
+
         echo -e "  ${TICK} Removed lighttpd configs"
     fi
 
     ${SUDO} rm -f /etc/dnsmasq.d/adList.conf &> /dev/null
     ${SUDO} rm -f /etc/dnsmasq.d/01-pihole.conf &> /dev/null
+    ${SUDO} rm -f /etc/dnsmasq.d/06-rfc6761.conf &> /dev/null
     ${SUDO} rm -rf /var/log/*pihole* &> /dev/null
+    ${SUDO} rm -rf /var/log/pihole/*pihole* &> /dev/null
     ${SUDO} rm -rf /etc/pihole/ &> /dev/null
     ${SUDO} rm -rf /etc/.pihole/ &> /dev/null
     ${SUDO} rm -rf /opt/pihole/ &> /dev/null
@@ -168,6 +193,18 @@ removeNoPurge() {
         else
             service pihole-FTL stop
         fi
+        ${SUDO} rm -f /etc/systemd/system/pihole-FTL.service
+        if [[ -d '/etc/systemd/system/pihole-FTL.service.d' ]]; then
+            read -rp "  ${QST} FTL service override directory /etc/systemd/system/pihole-FTL.service.d detected. Do you wish to remove this from your system? [y/N] " answer
+            case $answer in
+                [yY]*)
+                    echo -ne "  ${INFO} Removing /etc/systemd/system/pihole-FTL.service.d..."
+                    ${SUDO} rm -R /etc/systemd/system/pihole-FTL.service.d
+                    echo -e "${OVER}  ${INFO} Removed /etc/systemd/system/pihole-FTL.service.d"
+                ;;
+                *) echo -e "  ${INFO} Leaving /etc/systemd/system/pihole-FTL.service.d in place.";;
+            esac
+        fi
         ${SUDO} rm -f /etc/init.d/pihole-FTL
         ${SUDO} rm -f /usr/bin/pihole-FTL
         echo -e "${OVER}  ${TICK} Removed pihole-FTL"
@@ -206,11 +243,7 @@ removeNoPurge() {
 }
 
 ######### SCRIPT ###########
-if command -v vcgencmd &> /dev/null; then
-    echo -e "  ${INFO} All dependencies are safe to remove on Raspbian"
-else
-    echo -e "  ${INFO} Be sure to confirm if any dependencies should not be removed"
-fi
+echo -e "  ${INFO} Be sure to confirm if any dependencies should not be removed"
 while true; do
     echo -e "  ${INFO} ${COL_YELLOW}The following dependencies may have been added by the Pi-hole install:"
     echo -n "    "
@@ -218,8 +251,8 @@ while true; do
         echo -n "${i} "
     done
     echo "${COL_NC}"
-    read -rp "  ${QST} Do you wish to go through each dependency for removal? (Choosing No will leave all dependencies installed) [Y/n] " yn
-    case ${yn} in
+    read -rp "  ${QST} Do you wish to go through each dependency for removal? (Choosing No will leave all dependencies installed) [Y/n] " answer
+    case ${answer} in
         [Yy]* ) removeAndPurge; break;;
         [Nn]* ) removeNoPurge; break;;
         * ) removeAndPurge; break;;

gravity.sh

@@ -15,8 +15,6 @@ export LC_ALL=C
 
 coltable="/opt/pihole/COL_TABLE"
 source "${coltable}"
-regexconverter="/opt/pihole/wildcard_regex_converter.sh"
-source "${regexconverter}"
 # shellcheck disable=SC1091
 source "/etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh"
 
@@ -42,27 +40,26 @@ gravityDBschema="${piholeGitDir}/advanced/Templates/gravity.db.sql"
 gravityDBcopy="${piholeGitDir}/advanced/Templates/gravity_copy.sql"
 
 domainsExtension="domains"
+curl_connect_timeout=10
 
 # Source setupVars from install script
 setupVars="${piholeDir}/setupVars.conf"
 if [[ -f "${setupVars}" ]];then
   source "${setupVars}"
-
-  # Remove CIDR mask from IPv4/6 addresses
-  IPV4_ADDRESS="${IPV4_ADDRESS%/*}"
-  IPV6_ADDRESS="${IPV6_ADDRESS%/*}"
-
-  # Determine if IPv4/6 addresses exist
-  if [[ -z "${IPV4_ADDRESS}" ]] && [[ -z "${IPV6_ADDRESS}" ]]; then
-    echo -e "  ${COL_LIGHT_RED}No IP addresses found! Please run 'pihole -r' to reconfigure${COL_NC}"
-    exit 1
-  fi
 else
   echo -e "  ${COL_LIGHT_RED}Installation Failure: ${setupVars} does not exist! ${COL_NC}
   Please run 'pihole -r', and choose the 'reconfigure' option to fix."
   exit 1
 fi
 
+# Set up tmp dir variable in case it's not configured
+: "${GRAVITY_TMPDIR:=/tmp}"
+
+if [ ! -d "${GRAVITY_TMPDIR}" ] || [ ! -w "${GRAVITY_TMPDIR}" ]; then
+  echo -e "  ${COL_LIGHT_RED}Gravity temporary directory does not exist or is not a writeable directory, falling back to /tmp. ${COL_NC}"
+  GRAVITY_TMPDIR="/tmp"
+fi
+
 # Source pihole-FTL from install script
 pihole_FTL="${piholeDir}/pihole-FTL.conf"
 if [[ -f "${pihole_FTL}" ]]; then
@@ -73,6 +70,8 @@ fi
 # have changed
 gravityDBfile="${GRAVITYDB}"
 gravityTEMPfile="${GRAVITYDB}_temp"
+gravityDIR="$(dirname -- "${gravityDBfile}")"
+gravityOLDfile="${gravityDIR}/gravity_old.db"
 
 if [[ -z "${BLOCKINGMODE}" ]] ; then
   BLOCKINGMODE="NULL"
@@ -83,19 +82,24 @@ if [[ -r "${piholeDir}/pihole.conf" ]]; then
   echo -e "  ${COL_LIGHT_RED}Ignoring overrides specified within pihole.conf! ${COL_NC}"
 fi
 
-# Generate new sqlite3 file from schema template
+# Generate new SQLite3 file from schema template
 generate_gravity_database() {
-  sqlite3 "${1}" < "${gravityDBschema}"
+  if ! pihole-FTL sqlite3 "${gravityDBfile}" < "${gravityDBschema}"; then
+    echo -e "   ${CROSS} Unable to create ${gravityDBfile}"
+    return 1
+  fi
+  chown pihole:pihole "${gravityDBfile}"
+  chmod g+w "${piholeDir}" "${gravityDBfile}"
 }
 
 # Copy data from old to new database file and swap them
 gravity_swap_databases() {
-  local str copyGravity
+  local str copyGravity oldAvail
   str="Building tree"
   echo -ne "  ${INFO} ${str}..."
 
   # The index is intentionally not UNIQUE as poor quality adlists may contain domains more than once
-  output=$( { sqlite3 "${gravityTEMPfile}" "CREATE INDEX idx_gravity ON gravity (domain, adlist_id);"; } 2>&1 )
+  output=$( { pihole-FTL sqlite3 "${gravityTEMPfile}" "CREATE INDEX idx_gravity ON gravity (domain, adlist_id);"; } 2>&1 )
   status="$?"
 
   if [[ "${status}" -ne 0 ]]; then
@@ -107,30 +111,31 @@ gravity_swap_databases() {
   str="Swapping databases"
   echo -ne "  ${INFO} ${str}..."
 
-  # Gravity copying SQL script
-  copyGravity="$(cat "${gravityDBcopy}")"
-  if [[ "${gravityDBfile}" != "${gravityDBfile_default}" ]]; then
-    # Replace default gravity script location by custom location
-    copyGravity="${copyGravity//"${gravityDBfile_default}"/"${gravityDBfile}"}"
-  fi
-
-  output=$( { sqlite3 "${gravityTEMPfile}" <<< "${copyGravity}"; } 2>&1 )
-  status="$?"
-
-  if [[ "${status}" -ne 0 ]]; then
-    echo -e "\\n  ${CROSS} Unable to copy data from ${gravityDBfile} to ${gravityTEMPfile}\\n  ${output}"
-    return 1
+  # Swap databases and remove or conditionally rename old database
+  # Number of available blocks on disk
+  availableBlocks=$(stat -f --format "%a" "${gravityDIR}")
+  # Number of blocks, used by gravity.db
+  gravityBlocks=$(stat --format "%b" ${gravityDBfile})
+  # Only keep the old database if available disk space is at least twice the size of the existing gravity.db.
+  # Better be safe than sorry...
+  oldAvail=false
+  if [ "${availableBlocks}" -gt "$((gravityBlocks * 2))" ] && [ -f "${gravityDBfile}" ]; then
+    oldAvail=true
+    mv "${gravityDBfile}" "${gravityOLDfile}"
+  else
+    rm "${gravityDBfile}"
   fi
+  mv "${gravityTEMPfile}" "${gravityDBfile}"
   echo -e "${OVER}  ${TICK} ${str}"
 
-  # Swap databases and remove old database
-  rm "${gravityDBfile}"
-  mv "${gravityTEMPfile}" "${gravityDBfile}"
+  if $oldAvail; then
+    echo -e "  ${TICK} The old database remains available."
+  fi
 }
 
 # Update timestamp when the gravity table was last updated successfully
 update_gravity_timestamp() {
-  output=$( { printf ".timeout 30000\\nINSERT OR REPLACE INTO info (property,value) values ('updated',cast(strftime('%%s', 'now') as int));" | sqlite3 "${gravityDBfile}"; } 2>&1 )
+  output=$( { printf ".timeout 30000\\nINSERT OR REPLACE INTO info (property,value) values ('updated',cast(strftime('%%s', 'now') as int));" | pihole-FTL sqlite3 "${gravityDBfile}"; } 2>&1 )
   status="$?"
 
   if [[ "${status}" -ne 0 ]]; then
@@ -140,15 +145,27 @@ update_gravity_timestamp() {
   return 0
 }
 
+# Update timestamp when the gravity table was last updated successfully
+set_abp_info() {
+  pihole-FTL sqlite3 "${gravityDBfile}" "INSERT OR REPLACE INTO info (property,value) VALUES ('abp_domains',${abp_domains});"
+  status="$?"
+
+  if [[ "${status}" -ne 0 ]]; then
+    echo -e "\\n  ${CROSS} Unable to update ABP domain status in database ${gravityDBfile}\\n  ${output}"
+    return 1
+  fi
+  return 0
+}
+
 # Import domains from file and store them in the specified database table
 database_table_from_file() {
   # Define locals
-  local table source backup_path backup_file tmpFile type
+  local table src backup_path backup_file tmpFile list_type
   table="${1}"
-  source="${2}"
+  src="${2}"
   backup_path="${piholeDir}/migration_backup"
   backup_file="${backup_path}/$(basename "${2}")"
-  tmpFile="$(mktemp -p "/tmp" --suffix=".gravity")"
+  tmpFile="$(mktemp -p "${GRAVITY_TMPDIR}" --suffix=".gravity")"
 
   local timestamp
   timestamp="$(date --utc +'%s')"
@@ -159,28 +176,28 @@ database_table_from_file() {
 
   # Special handling for domains to be imported into the common domainlist table
   if [[ "${table}" == "whitelist" ]]; then
-    type="0"
+    list_type="0"
     table="domainlist"
   elif [[ "${table}" == "blacklist" ]]; then
-    type="1"
+    list_type="1"
     table="domainlist"
   elif [[ "${table}" == "regex" ]]; then
-    type="3"
+    list_type="3"
     table="domainlist"
   fi
 
   # Get MAX(id) from domainlist when INSERTing into this table
   if [[ "${table}" == "domainlist" ]]; then
-    rowid="$(sqlite3 "${gravityDBfile}" "SELECT MAX(id) FROM domainlist;")"
+    rowid="$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT MAX(id) FROM domainlist;")"
     if [[ -z "$rowid" ]]; then
       rowid=0
     fi
     rowid+=1
   fi
 
-  # Loop over all domains in ${source} file
+  # Loop over all domains in ${src} file
   # Read file line by line
-  grep -v '^ *#' < "${source}" | while IFS= read -r domain
+  grep -v '^ *#' < "${src}" | while IFS= read -r domain
   do
     # Only add non-empty lines
     if [[ -n "${domain}" ]]; then
@@ -189,10 +206,10 @@ database_table_from_file() {
         echo "${rowid},\"${domain}\",${timestamp}" >> "${tmpFile}"
       elif [[ "${table}" == "adlist" ]]; then
         # Adlist table format
-        echo "${rowid},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${source}\",,0,0,0" >> "${tmpFile}"
+        echo "${rowid},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${src}\",,0,0,0" >> "${tmpFile}"
       else
         # White-, black-, and regexlist table format
-        echo "${rowid},${type},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${source}\"" >> "${tmpFile}"
+        echo "${rowid},${list_type},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${src}\"" >> "${tmpFile}"
       fi
       rowid+=1
     fi
@@ -201,18 +218,18 @@ database_table_from_file() {
   # Store domains in database table specified by ${table}
   # Use printf as .mode and .import need to be on separate lines
   # see https://unix.stackexchange.com/a/445615/83260
-  output=$( { printf ".timeout 30000\\n.mode csv\\n.import \"%s\" %s\\n" "${tmpFile}" "${table}" | sqlite3 "${gravityDBfile}"; } 2>&1 )
+  output=$( { printf ".timeout 30000\\n.mode csv\\n.import \"%s\" %s\\n" "${tmpFile}" "${table}" | pihole-FTL sqlite3 "${gravityDBfile}"; } 2>&1 )
   status="$?"
 
   if [[ "${status}" -ne 0 ]]; then
-    echo -e "\\n  ${CROSS} Unable to fill table ${table}${type} in database ${gravityDBfile}\\n  ${output}"
+    echo -e "\\n  ${CROSS} Unable to fill table ${table}${list_type} in database ${gravityDBfile}\\n  ${output}"
     gravity_Cleanup "error"
   fi
 
   # Move source file to backup directory, create directory if not existing
   mkdir -p "${backup_path}"
-  mv "${source}" "${backup_file}" 2> /dev/null || \
-      echo -e "  ${CROSS} Unable to backup ${source} to ${backup_path}"
+  mv "${src}" "${backup_file}" 2> /dev/null || \
+    echo -e "  ${CROSS} Unable to backup ${src} to ${backup_path}"
 
   # Delete tmpFile
   rm "${tmpFile}" > /dev/null 2>&1 || \
@@ -221,7 +238,7 @@ database_table_from_file() {
 
 # Update timestamp of last update of this list. We store this in the "old" database as all values in the new database will later be overwritten
 database_adlist_updated() {
-  output=$( { printf ".timeout 30000\\nUPDATE adlist SET date_updated = (cast(strftime('%%s', 'now') as int)) WHERE id = %i;\\n" "${1}" | sqlite3 "${gravityDBfile}"; } 2>&1 )
+  output=$( { printf ".timeout 30000\\nUPDATE adlist SET date_updated = (cast(strftime('%%s', 'now') as int)) WHERE id = %i;\\n" "${1}" | pihole-FTL sqlite3 "${gravityDBfile}"; } 2>&1 )
   status="$?"
 
   if [[ "${status}" -ne 0 ]]; then
@@ -232,7 +249,7 @@ database_adlist_updated() {
 
 # Check if a column with name ${2} exists in gravity table with name ${1}
 gravity_column_exists() {
-  output=$( { printf ".timeout 30000\\nSELECT EXISTS(SELECT * FROM pragma_table_info('%s') WHERE name='%s');\\n" "${1}" "${2}" | sqlite3 "${gravityDBfile}"; } 2>&1 )
+  output=$( { printf ".timeout 30000\\nSELECT EXISTS(SELECT * FROM pragma_table_info('%s') WHERE name='%s');\\n" "${1}" "${2}" | pihole-FTL sqlite3 "${gravityDBfile}"; } 2>&1 )
   if [[ "${output}" == "1" ]]; then
     return 0 # Bash 0 is success
   fi
@@ -247,7 +264,7 @@ database_adlist_number() {
     return;
   fi
 
-  output=$( { printf ".timeout 30000\\nUPDATE adlist SET number = %i, invalid_domains = %i WHERE id = %i;\\n" "${num_lines}" "${num_invalid}" "${1}" | sqlite3 "${gravityDBfile}"; } 2>&1 )
+  output=$( { printf ".timeout 30000\\nUPDATE adlist SET number = %i, invalid_domains = %i WHERE id = %i;\\n" "${num_domains}" "${num_non_domains}" "${1}" | pihole-FTL sqlite3 "${gravityDBfile}"; } 2>&1 )
   status="$?"
 
   if [[ "${status}" -ne 0 ]]; then
@@ -263,7 +280,7 @@ database_adlist_status() {
     return;
   fi
 
-  output=$( { printf ".timeout 30000\\nUPDATE adlist SET status = %i WHERE id = %i;\\n" "${2}" "${1}" | sqlite3 "${gravityDBfile}"; } 2>&1 )
+  output=$( { printf ".timeout 30000\\nUPDATE adlist SET status = %i WHERE id = %i;\\n" "${2}" "${1}" | pihole-FTL sqlite3 "${gravityDBfile}"; } 2>&1 )
   status="$?"
 
   if [[ "${status}" -ne 0 ]]; then
@@ -278,7 +295,10 @@ migrate_to_database() {
   if [ ! -e "${gravityDBfile}" ]; then
     # Create new database file - note that this will be created in version 1
     echo -e "  ${INFO} Creating new gravity database"
-    generate_gravity_database "${gravityDBfile}"
+    if ! generate_gravity_database; then
+      echo -e "   ${CROSS} Error creating new gravity database. Please contact support."
+      return 1
+    fi
 
     # Check if gravity database needs to be updated
     upgrade_gravityDB "${gravityDBfile}" "${piholeDir}"
@@ -377,9 +397,9 @@ gravity_DownloadBlocklists() {
   fi
 
   # Retrieve source URLs from gravity database
-  # We source only enabled adlists, sqlite3 stores boolean values as 0 (false) or 1 (true)
-  mapfile -t sources <<< "$(sqlite3 "${gravityDBfile}" "SELECT address FROM vw_adlist;" 2> /dev/null)"
-  mapfile -t sourceIDs <<< "$(sqlite3 "${gravityDBfile}" "SELECT id FROM vw_adlist;" 2> /dev/null)"
+  # We source only enabled adlists, SQLite3 stores boolean values as 0 (false) or 1 (true)
+  mapfile -t sources <<< "$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT address FROM vw_adlist;" 2> /dev/null)"
+  mapfile -t sourceIDs <<< "$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT id FROM vw_adlist;" 2> /dev/null)"
 
   # Parse source domains from $sources
   mapfile -t sourceDomains <<< "$(
@@ -393,14 +413,12 @@ gravity_DownloadBlocklists() {
   )"
 
   local str="Pulling blocklist source list into range"
+  echo -e "${OVER}  ${TICK} ${str}"
 
-  if [[ -n "${sources[*]}" ]] && [[ -n "${sourceDomains[*]}" ]]; then
-    echo -e "${OVER}  ${TICK} ${str}"
-  else
-    echo -e "${OVER}  ${CROSS} ${str}"
+  if [[ -z "${sources[*]}" ]] || [[ -z "${sourceDomains[*]}" ]]; then
     echo -e "  ${INFO} No source list found, or it is empty"
     echo ""
-    return 1
+    unset sources
   fi
 
   local url domain agent cmd_ext str target compression
@@ -410,7 +428,7 @@ gravity_DownloadBlocklists() {
   str="Preparing new gravity database"
   echo -ne "  ${INFO} ${str}..."
   rm "${gravityTEMPfile}" > /dev/null 2>&1
-  output=$( { sqlite3 "${gravityTEMPfile}" < "${gravityDBschema}"; } 2>&1 )
+  output=$( { pihole-FTL sqlite3 "${gravityTEMPfile}" < "${gravityDBschema}"; } 2>&1 )
   status="$?"
 
   if [[ "${status}" -ne 0 ]]; then
@@ -420,7 +438,7 @@ gravity_DownloadBlocklists() {
     echo -e "${OVER}  ${TICK} ${str}"
   fi
 
-  target="$(mktemp -p "/tmp" --suffix=".gravity")"
+  target="$(mktemp -p "${GRAVITY_TMPDIR}" --suffix=".gravity")"
 
   # Use compression to reduce the amount of data that is transferred
   # between the Pi-hole and the ad list provider. Use this feature
@@ -429,9 +447,9 @@ gravity_DownloadBlocklists() {
     compression="--compressed"
     echo -e "  ${INFO} Using libz compression\n"
   else
-      compression=""
-      echo -e "  ${INFO} Libz compression not available\n"
-    fi
+    compression=""
+    echo -e "  ${INFO} Libz compression not available\n"
+  fi
   # Loop through $sources and download each one
   for ((i = 0; i < "${#sources[@]}"; i++)); do
     url="${sources[$i]}"
@@ -461,16 +479,35 @@ gravity_DownloadBlocklists() {
     check_url="$( sed -re 's#([^:/]*://)?([^/]+)@#\1\2#' <<< "$url" )"
 
     if [[ "${check_url}" =~ ${regex} ]]; then
-        echo -e "  ${CROSS} Invalid Target"
+      echo -e "  ${CROSS} Invalid Target"
     else
-       gravity_DownloadBlocklistFromUrl "${url}" "${cmd_ext}" "${agent}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" "${compression}"
+      gravity_DownloadBlocklistFromUrl "${url}" "${cmd_ext}" "${agent}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" "${compression}"
     fi
     echo ""
   done
 
+  str="Creating new gravity databases"
+  echo -ne "  ${INFO} ${str}..."
+
+  # Gravity copying SQL script
+  copyGravity="$(cat "${gravityDBcopy}")"
+  if [[ "${gravityDBfile}" != "${gravityDBfile_default}" ]]; then
+    # Replace default gravity script location by custom location
+    copyGravity="${copyGravity//"${gravityDBfile_default}"/"${gravityDBfile}"}"
+  fi
+
+  output=$( { pihole-FTL sqlite3 "${gravityTEMPfile}" <<< "${copyGravity}"; } 2>&1 )
+  status="$?"
+
+  if [[ "${status}" -ne 0 ]]; then
+    echo -e "\\n  ${CROSS} Unable to copy data from ${gravityDBfile} to ${gravityTEMPfile}\\n  ${output}"
+    return 1
+  fi
+  echo -e "${OVER}  ${TICK} ${str}"
+
   str="Storing downloaded domains in new gravity database"
   echo -ne "  ${INFO} ${str}..."
-  output=$( { printf ".timeout 30000\\n.mode csv\\n.import \"%s\" gravity\\n" "${target}" | sqlite3 "${gravityTEMPfile}"; } 2>&1 )
+  output=$( { printf ".timeout 30000\\n.mode csv\\n.import \"%s\" gravity\\n" "${target}" | pihole-FTL sqlite3 "${gravityTEMPfile}"; } 2>&1 )
   status="$?"
 
   if [[ "${status}" -ne 0 ]]; then
@@ -502,41 +539,88 @@ gravity_DownloadBlocklists() {
   gravity_Blackbody=true
 }
 
-total_num=0
-num_lines=0
-num_invalid=0
+
+# global variable to indicate if we found ABP style domains during the gravity run
+# is saved in gravtiy's info table to signal FTL if such domains are available
+abp_domains=0
 parseList() {
-  local adlistID="${1}" src="${2}" target="${3}" incorrect_lines
-  # This sed does the following things:
-  # 1. Remove all domains containing invalid characters. Valid are: a-z, A-Z, 0-9, dot (.), minus (-), underscore (_)
-  # 2. Append ,adlistID to every line
-  # 3. Ensures there is a newline on the last line
-  sed -e "/[^a-zA-Z0-9.\_-]/d;s/$/,${adlistID}/;/.$/a\\" "${src}" >> "${target}"
-  # Find (up to) five domains containing invalid characters (see above)
-  incorrect_lines="$(sed -e "/[^a-zA-Z0-9.\_-]/!d" "${src}" | head -n 5)"
+  local adlistID="${1}" src="${2}" target="${3}" temp_file temp_file_base non_domains sample_non_domains valid_domain_pattern abp_domain_pattern
 
-  local num_target_lines num_correct_lines num_invalid
-  # Get number of lines in source file
-  num_lines="$(grep -c "^" "${src}")"
-  # Get number of lines in destination file
-  num_target_lines="$(grep -c "^" "${target}")"
-  num_correct_lines="$(( num_target_lines-total_num ))"
-  total_num="$num_target_lines"
-  num_invalid="$(( num_lines-num_correct_lines ))"
-  if [[ "${num_invalid}" -eq 0 ]]; then
-    echo "  ${INFO} Analyzed ${num_lines} domains"
+  # Create a temporary file for the sed magic instead of using "${target}" directly
+  # this allows to split the sed commands to improve readability
+  # we use a file handle here and remove the temporary file immediately so the content will be deleted in any case
+  # when the script stops
+  temp_file_base="$(mktemp -p "/tmp" --suffix=".gravity")"
+  exec 3>"$temp_file_base"
+  rm "${temp_file_base}"
+  temp_file="/proc/$$/fd/3"
+
+  # define valid domain patterns
+  # no need to include uppercase letters, as we convert to lowercase in gravity_ParseFileIntoDomains() already
+  # adapted from https://stackoverflow.com/a/30007882
+  # supported ABP style: ||subdomain.domain.tlp^
+
+  valid_domain_pattern="([a-z0-9]([a-z0-9_-]{0,61}[a-z0-9]){0,1}\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]"
+  abp_domain_pattern="\|\|${valid_domain_pattern}\^"
+
+
+  # 1. Add all valid domains
+    sed -r "/^${valid_domain_pattern}$/!d" "${src}" > "${temp_file}"
+
+  # 2. Add valid ABP style domains if there is at least one such domain
+  if  grep -E "^${abp_domain_pattern}$" -m 1 -q "${src}"; then
+    echo "  ${INFO} List contained AdBlock Plus style domains"
+    abp_domains=1
+    sed -r "/^${abp_domain_pattern}$/!d" "${src}" >> "${temp_file}"
+  fi
+
+
+  # Find lines containing no domains or with invalid characters (not matching regex above)
+  # This is simply everything that is not in $temp_file compared to $src
+  # Remove duplicates from the list
+  mapfile -t non_domains < <(grep -Fvf "${temp_file}" "${src}" | sort -u )
+
+  # 3. Remove trailing period (see https://github.com/pi-hole/pi-hole/issues/4701)
+  # 4. Append ,adlistID to every line
+  # 5. Ensures there is a newline on the last line
+  # and write everything to the target file
+  sed "s/\.$//;s/$/,${adlistID}/;/.$/a\\" "${temp_file}" >> "${target}"
+
+  # A list of items of common local hostnames not to report as unusable
+  # Some lists (i.e StevenBlack's) contain these as they are supposed to be used as HOST files
+  # but flagging them as unusable causes more confusion than it's worth - so we suppress them from the output
+  false_positives="localhost|localhost.localdomain|local|broadcasthost|localhost|ip6-localhost|ip6-loopback|lo0 localhost|ip6-localnet|ip6-mcastprefix|ip6-allnodes|ip6-allrouters|ip6-allhosts"
+
+  # if there are any non-domains, filter the array for false-positives
+  # Credit: https://stackoverflow.com/a/40264051
+  if [[ "${#non_domains[@]}" -gt 0 ]]; then
+    mapfile -d $'\0' -t non_domains < <(printf '%s\0' "${non_domains[@]}" | grep -Ezv "^${false_positives}")
+  fi
+
+  # Get a sample of non-domain entries, limited to 5 (the list should already have been de-duplicated)
+  IFS=" " read -r -a sample_non_domains <<< "$(tr ' ' '\n' <<< "${non_domains[@]}" | head -n 5 | tr '\n' ' ')"
+
+  # Get the number of domains added
+  num_domains="$(grep -c "^" "${temp_file}")"
+  # Get the number of non_domains (this is the number of entries left after stripping the source of comments/duplicates/false positives/domains)
+  num_non_domains="${#non_domains[@]}"
+
+  # If there are unusable lines, we display some information about them. This is not error or major cause for concern.
+  if [[ "${num_non_domains}" -ne 0 ]]; then
+    echo "  ${INFO} Imported ${num_domains} domains, ignoring ${num_non_domains} non-domain entries"
+    echo "      Sample of non-domain entries:"
+    for each in "${sample_non_domains[@]}"
+    do
+        echo "        - ${each}"
+    done
   else
-    echo "  ${INFO} Analyzed ${num_lines} domains, ${num_invalid} domains invalid!"
+    echo "  ${INFO} Imported ${num_domains} domains"
   fi
 
-  # Display sample of invalid lines if we found some
-  if [[ -n "${incorrect_lines}" ]]; then
-    echo "      Sample of invalid domains:"
-    while IFS= read -r line; do
-      echo "      - ${line}"
-    done <<< "${incorrect_lines}"
-  fi
+  # close file handle
+  exec 3<&-
 }
+
 compareLists() {
   local adlistID="${1}" target="${2}"
 
@@ -564,10 +648,10 @@ compareLists() {
 # Download specified URL and perform checks on HTTP status and file content
 gravity_DownloadBlocklistFromUrl() {
   local url="${1}" cmd_ext="${2}" agent="${3}" adlistID="${4}" saveLocation="${5}" target="${6}" compression="${7}"
-  local heisenbergCompensator="" patternBuffer str httpCode success=""
+  local heisenbergCompensator="" patternBuffer str httpCode success="" ip
 
   # Create temp file to store content on disk instead of RAM
-  patternBuffer=$(mktemp -p "/tmp" --suffix=".phgpb")
+  patternBuffer=$(mktemp -p "${GRAVITY_TMPDIR}" --suffix=".phgpb")
 
   # Determine if $saveLocation has read permission
   if [[ -r "${saveLocation}" && $url != "file"* ]]; then
@@ -582,25 +666,32 @@ gravity_DownloadBlocklistFromUrl() {
   blocked=false
   case $BLOCKINGMODE in
     "IP-NODATA-AAAA"|"IP")
-        if [[ $(dig "${domain}" +short | grep "${IPV4_ADDRESS}" -c) -ge 1 ]]; then
-          blocked=true
-        fi;;
+      # Get IP address of this domain
+      ip="$(dig "${domain}" +short)"
+      # Check if this IP matches any IP of the system
+      if [[ -n "${ip}" && $(grep -Ec "inet(|6) ${ip}" <<< "$(ip a)") -gt 0 ]]; then
+        blocked=true
+      fi;;
     "NXDOMAIN")
-        if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then
-          blocked=true
-        fi;;
+      if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then
+        blocked=true
+      fi;;
+    "NODATA")
+      if [[ $(dig "${domain}" | grep "NOERROR" -c) -ge 1 ]] && [[ -z $(dig +short "${domain}") ]]; then
+         blocked=true
+      fi;;
     "NULL"|*)
-        if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then
-          blocked=true
-        fi;;
-   esac
+      if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then
+        blocked=true
+      fi;;
+  esac
 
   if [[ "${blocked}" == true ]]; then
     printf -v ip_addr "%s" "${PIHOLE_DNS_1%#*}"
     if [[ ${PIHOLE_DNS_1} != *"#"* ]]; then
-        port=53
+      port=53
     else
-        printf -v port "%s" "${PIHOLE_DNS_1#*#}"
+      printf -v port "%s" "${PIHOLE_DNS_1#*#}"
     fi
     ip=$(dig "@${ip_addr}" -p "${port}" +short "${domain}" | tail -1)
     if [[ $(echo "${url}" | awk -F '://' '{print $1}') = "https" ]]; then
@@ -614,16 +705,16 @@ gravity_DownloadBlocklistFromUrl() {
   fi
 
   # shellcheck disable=SC2086
-  httpCode=$(curl -s -L ${compression} ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" -A "${agent}" "${url}" -o "${patternBuffer}" 2> /dev/null)
+  httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression} ${cmd_ext} ${heisenbergCompensator} -w "%{http_code}" -A "${agent}" "${url}" -o "${patternBuffer}" 2> /dev/null)
 
   case $url in
     # Did we "download" a local file?
     "file"*)
-        if [[ -s "${patternBuffer}" ]]; then
-          echo -e "${OVER}  ${TICK} ${str} Retrieval successful"; success=true
-        else
-          echo -e "${OVER}  ${CROSS} ${str} Not found / empty list"
-        fi;;
+      if [[ -s "${patternBuffer}" ]]; then
+        echo -e "${OVER}  ${TICK} ${str} Retrieval successful"; success=true
+      else
+        echo -e "${OVER}  ${CROSS} ${str} Not found / empty list"
+      fi;;
     # Did we "download" a remote file?
     *)
       # Determine "Status:" output based on HTTP response
@@ -682,8 +773,8 @@ gravity_DownloadBlocklistFromUrl() {
     else
       echo -e "  ${CROSS} List download failed: ${COL_LIGHT_RED}no cached list available${COL_NC}"
       # Manually reset these two numbers because we do not call parseList here
-      num_lines=0
-      num_invalid=0
+      num_domains=0
+      num_non_domains=0
       database_adlist_number "${adlistID}"
       database_adlist_status "${adlistID}" "4"
     fi
@@ -692,72 +783,37 @@ gravity_DownloadBlocklistFromUrl() {
 
 # Parse source files into domains format
 gravity_ParseFileIntoDomains() {
-  local source="${1}" destination="${2}" firstLine
+  local src="${1}" destination="${2}"
 
-  # Determine if we are parsing a consolidated list
-  #if [[ "${source}" == "${piholeDir}/${matterAndLight}" ]]; then
-    # Remove comments and print only the domain name
-    # Most of the lists downloaded are already in hosts file format but the spacing/formatting is not contiguous
-    # This helps with that and makes it easier to read
-    # It also helps with debugging so each stage of the script can be researched more in depth
-    # 1) Remove carriage returns
-    # 2) Convert all characters to lowercase
-    # 3) Remove comments (text starting with "#", include possible spaces before the hash sign)
-    # 4) Remove lines containing "/"
-    # 5) Remove leading tabs, spaces, etc.
-    # 6) Delete lines not matching domain names
-    < "${source}" tr -d '\r' | \
-    tr '[:upper:]' '[:lower:]' | \
-    sed 's/\s*#.*//g' | \
-    sed -r '/(\/).*$/d' | \
-    sed -r 's/^.*\s+//g' | \
-    sed -r '/([^\.]+\.)+[^\.]{2,}/!d' >  "${destination}"
-    chmod 644 "${destination}"
-    return 0
-  #fi
+  # Remove comments and print only the domain name
+  # Most of the lists downloaded are already in hosts file format but the spacing/formatting is not contiguous
+  # This helps with that and makes it easier to read
+  # It also helps with debugging so each stage of the script can be researched more in depth
+  # 1) Convert all characters to lowercase
+  tr '[:upper:]' '[:lower:]' < "${src}" > "${destination}"
 
-  # Individual file parsing: Keep comments, while parsing domains from each line
-  # We keep comments to respect the list maintainer's licensing
-  read -r firstLine < "${source}"
+  # 2) Remove carriage returns
+  sed -i 's/\r$//' "${destination}"
 
-  # Determine how to parse individual source file formats
-  if [[ "${firstLine,,}" =~ (adblock|ublock|^!) ]]; then
-    # Compare $firstLine against lower case words found in Adblock lists
-    echo -e "  ${CROSS} Format: Adblock (list type not supported)"
-  elif grep -q "^address=/" "${source}" &> /dev/null; then
-    # Parse Dnsmasq format lists
-    echo -e "  ${CROSS} Format: Dnsmasq (list type not supported)"
-  elif grep -q -E "^https?://" "${source}" &> /dev/null; then
-    # Parse URL list if source file contains "http://" or "https://"
-    # Scanning for "^IPv4$" is too slow with large (1M) lists on low-end hardware
-    echo -ne "  ${INFO} Format: URL"
+  # 3a) Remove comments (text starting with "#", include possible spaces before the hash sign)
+  sed -i 's/\s*#.*//g' "${destination}"
 
-    awk '
-      # Remove URL scheme, optional "username:password@", and ":?/;"
-      # The scheme must be matched carefully to avoid blocking the wrong URL
-      # in cases like:
-      #   http://www.evil.com?http://www.good.com
-      # See RFC 3986 section 3.1 for details.
-      /[:?\/;]/ { gsub(/(^[a-zA-Z][a-zA-Z0-9+.-]*:\/\/(.*:.*@)?|[:?\/;].*)/, "", $0) }
-      # Skip lines which are only IPv4 addresses
-      /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
-      # Print if nonempty
-      length { print }
-    ' "${source}" 2> /dev/null > "${destination}"
-    chmod 644 "${destination}"
+  # 3b) Remove lines starting with ! (ABP Comments)
+  sed -i 's/\s*!.*//g' "${destination}"
 
-    echo -e "${OVER}  ${TICK} Format: URL"
-  else
-    # Default: Keep hosts/domains file in same format as it was downloaded
-    output=$( { mv "${source}" "${destination}"; } 2>&1 )
-    chmod 644 "${destination}"
+  # 3c) Remove lines starting with [ (ABP Header)
+  sed -i 's/\s*\[.*//g' "${destination}"
 
-    if [[ ! -e "${destination}" ]]; then
-      echo -e "\\n  ${CROSS} Unable to move tmp file to ${piholeDir}
-    ${output}"
-      gravity_Cleanup "error"
-    fi
-  fi
+  # 4) Remove lines containing "/"
+  sed -i -r '/(\/).*$/d' "${destination}"
+
+  # 5) Remove leading tabs, spaces, etc. (Also removes leading IP addresses)
+  sed -i -r 's/^.*\s+//g' "${destination}"
+
+  # 6) Remove empty lines
+  sed -i '/^$/d' "${destination}"
+
+  chmod 644 "${destination}"
 }
 
 # Report number of entries in a table
@@ -765,12 +821,12 @@ gravity_Table_Count() {
   local table="${1}"
   local str="${2}"
   local num
-  num="$(sqlite3 "${gravityDBfile}" "SELECT COUNT(*) FROM ${table};")"
+  num="$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT COUNT(*) FROM ${table};")"
   if [[ "${table}" == "vw_gravity" ]]; then
     local unique
-    unique="$(sqlite3 "${gravityDBfile}" "SELECT COUNT(DISTINCT domain) FROM ${table};")"
+    unique="$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT COUNT(DISTINCT domain) FROM ${table};")"
     echo -e "  ${INFO} Number of ${str}: ${num} (${COL_BOLD}${unique} unique domains${COL_NC})"
-    sqlite3 "${gravityDBfile}" "INSERT OR REPLACE INTO info (property,value) VALUES ('gravity_count',${unique});"
+    pihole-FTL sqlite3 "${gravityDBfile}" "INSERT OR REPLACE INTO info (property,value) VALUES ('gravity_count',${unique});"
   else
     echo -e "  ${INFO} Number of ${str}: ${num}"
   fi
@@ -785,43 +841,12 @@ gravity_ShowCount() {
   gravity_Table_Count "vw_regex_whitelist" "regex whitelist filters"
 }
 
-# Parse list of domains into hosts format
-gravity_ParseDomainsIntoHosts() {
-  awk -v ipv4="$IPV4_ADDRESS" -v ipv6="$IPV6_ADDRESS" '{
-    # Remove windows CR line endings
-    sub(/\r$/, "")
-    # Parse each line as "ipaddr domain"
-    if(ipv6 && ipv4) {
-      print ipv4" "$0"\n"ipv6" "$0
-    } else if(!ipv6) {
-      print ipv4" "$0
-    } else {
-      print ipv6" "$0
-    }
-  }' >> "${2}" < "${1}"
-}
-
 # Create "localhost" entries into hosts format
 gravity_generateLocalList() {
-  local hostname
-
-  if [[ -s "/etc/hostname" ]]; then
-    hostname=$(< "/etc/hostname")
-  elif command -v hostname &> /dev/null; then
-    hostname=$(hostname -f)
-  else
-    echo -e "  ${CROSS} Unable to determine fully qualified domain name of host"
-    return 0
-  fi
-
-  echo -e "${hostname}\\npi.hole" > "${localList}.tmp"
-
   # Empty $localList if it already exists, otherwise, create it
-  : > "${localList}"
+  echo "### Do not modify this file, it will be overwritten by pihole -g" > "${localList}"
   chmod 644 "${localList}"
 
-  gravity_ParseDomainsIntoHosts "${localList}.tmp" "${localList}"
-
   # Add additional LAN hosts provided by OpenVPN (if available)
   if [[ -f "${VPNList}" ]]; then
     awk -F, '{printf $2"\t"$1".vpn\n"}' "${VPNList}" >> "${localList}"
@@ -843,7 +868,7 @@ gravity_Cleanup() {
   # Delete tmp content generated by Gravity
   rm ${piholeDir}/pihole.*.txt 2> /dev/null
   rm ${piholeDir}/*.tmp 2> /dev/null
-  rm /tmp/*.phgpb 2> /dev/null
+  rm "${GRAVITY_TMPDIR}"/*.phgpb 2> /dev/null
 
   # Ensure this function only runs when gravity_SetDownloadOptions() has completed
   if [[ "${gravity_Blackbody:-}" == true ]]; then
@@ -872,6 +897,53 @@ gravity_Cleanup() {
   fi
 }
 
+database_recovery() {
+  local result
+  local str="Checking integrity of existing gravity database (this can take a while)"
+  local option="${1}"
+  echo -ne "  ${INFO} ${str}..."
+  result="$(pihole-FTL sqlite3 "${gravityDBfile}" "PRAGMA integrity_check" 2>&1)"
+
+  if [[ ${result} = "ok" ]]; then
+    echo -e "${OVER}  ${TICK} ${str} - no errors found"
+
+    str="Checking foreign keys of existing gravity database (this can take a while)"
+    echo -ne "  ${INFO} ${str}..."
+    unset result
+    result="$(pihole-FTL sqlite3 "${gravityDBfile}" "PRAGMA foreign_key_check" 2>&1)"
+    if [[ -z ${result} ]]; then
+      echo -e "${OVER}  ${TICK} ${str} - no errors found"
+      if [[ "${option}" != "force" ]]; then
+        return
+      fi
+    else
+      echo -e "${OVER}  ${CROSS} ${str} - errors found:"
+      while IFS= read -r line ; do echo "  - $line"; done <<< "$result"
+    fi
+  else
+    echo -e "${OVER}  ${CROSS} ${str} - errors found:"
+    while IFS= read -r line ; do echo "  - $line"; done <<< "$result"
+  fi
+
+  str="Trying to recover existing gravity database"
+  echo -ne "  ${INFO} ${str}..."
+  # We have to remove any possibly existing recovery database or this will fail
+  rm -f "${gravityDBfile}.recovered" > /dev/null 2>&1
+  if result="$(pihole-FTL sqlite3 "${gravityDBfile}" ".recover" | pihole-FTL sqlite3 "${gravityDBfile}.recovered" 2>&1)"; then
+    echo -e "${OVER}  ${TICK} ${str} - success"
+    mv "${gravityDBfile}" "${gravityDBfile}.old"
+    mv "${gravityDBfile}.recovered" "${gravityDBfile}"
+    echo -ne " ${INFO} ${gravityDBfile} has been recovered"
+    echo -ne " ${INFO} The old ${gravityDBfile} has been moved to ${gravityDBfile}.old"
+  else
+    echo -e "${OVER}  ${CROSS} ${str} - the following errors happened:"
+    while IFS= read -r line ; do echo "  - $line"; done <<< "$result"
+    echo -e "  ${CROSS} Recovery failed. Try \"pihole -r recreate\" instead."
+    exit 1
+  fi
+  echo ""
+}
+
 helpFunc() {
   echo "Usage: pihole -g
 Update domains from blocklists specified in adlists.list
@@ -882,19 +954,51 @@ Options:
   exit 0
 }
 
+repairSelector() {
+  case "$1" in
+    "recover") recover_database=true;;
+    "recreate") recreate_database=true;;
+    *) echo "Usage: pihole -g -r {recover,recreate}
+Attempt to repair gravity database
+
+Available options:
+  pihole -g -r recover        Try to recover a damaged gravity database file.
+                              Pi-hole tries to restore as much as possible
+                              from a corrupted gravity database.
+
+  pihole -g -r recover force  Pi-hole will run the recovery process even when
+                              no damage is detected. This option is meant to be
+                              a last resort. Recovery is a fragile task
+                              consuming a lot of resources and shouldn't be
+                              performed unnecessarily.
+
+  pihole -g -r recreate       Create a new gravity database file from scratch.
+                              This will remove your existing gravity database
+                              and create a new file from scratch. If you still
+                              have the migration backup created when migrating
+                              to Pi-hole v5.0, Pi-hole will import these files."
+    exit 0;;
+  esac
+}
+
 for var in "$@"; do
   case "${var}" in
     "-f" | "--force" ) forceDelete=true;;
-    "-r" | "--recreate" ) recreate_database=true;;
+    "-r" | "--repair" ) repairSelector "$3";;
     "-h" | "--help" ) helpFunc;;
   esac
 done
 
+# Remove OLD (backup) gravity file, if it exists
+if [[ -f "${gravityOLDfile}" ]]; then
+  rm "${gravityOLDfile}"
+fi
+
 # Trap Ctrl-C
 gravity_Trap
 
 if [[ "${recreate_database:-}" == true ]]; then
-  str="Restoring from migration backup"
+  str="Recreating gravity database from migration backup"
   echo -ne "${INFO} ${str}..."
   rm "${gravityDBfile}"
   pushd "${piholeDir}" > /dev/null || exit
@@ -903,8 +1007,15 @@ if [[ "${recreate_database:-}" == true ]]; then
   echo -e "${OVER}  ${TICK} ${str}"
 fi
 
+if [[ "${recover_database:-}" == true ]]; then
+  database_recovery "$4"
+fi
+
 # Move possibly existing legacy files to the gravity database
-migrate_to_database
+if ! migrate_to_database; then
+  echo -e "   ${CROSS} Unable to migrate to database. Please contact support."
+  exit 1
+fi
 
 if [[ "${forceDelete:-}" == true ]]; then
   str="Deleting existing list cache"
@@ -915,18 +1026,28 @@ if [[ "${forceDelete:-}" == true ]]; then
 fi
 
 # Gravity downloads blocklists next
-gravity_CheckDNSResolutionAvailable
+if ! gravity_CheckDNSResolutionAvailable; then
+  echo -e "   ${CROSS} Can not complete gravity update, no DNS is available. Please contact support."
+  exit 1
+fi
+
 gravity_DownloadBlocklists
 
 # Create local.list
 gravity_generateLocalList
 
 # Migrate rest of the data from old to new database
-gravity_swap_databases
+if ! gravity_swap_databases; then
+  echo -e "   ${CROSS} Unable to create database. Please contact support."
+  exit 1
+fi
 
 # Update gravity timestamp
 update_gravity_timestamp
 
+# Set abp_domain info field
+set_abp_info
+
 # Ensure proper permissions are set for the database
 chown pihole:pihole "${gravityDBfile}"
 chmod g+w "${piholeDir}" "${gravityDBfile}"

manpages/pihole-FTL.8

@@ -144,7 +144,9 @@ Command line arguments can be arbitrarily combined, e.g:
 Start ftl in foreground with more verbose logging, process everything and shutdown immediately
 .br
 .SH "SEE ALSO"
-\fBpihole\fR(8), \fBpihole-FTL.conf\fR(5)
+\fBpihole\fR(8)
+.br
+\fBFor FTL's config options please see https://docs.pi-hole.net/ftldns/configfile/\fR
 .br
 .SH "COLOPHON"
 

manpages/pihole-FTL.conf.5

@@ -1,313 +0,0 @@
-.TH "pihole-FTL.conf" "5" "pihole-FTL.conf" "pihole-FTL.conf" "November 2020"
-.SH "NAME"
-
-pihole-FTL.conf - FTL's config file
-.br
-.SH "DESCRIPTION"
-
-/etc/pihole/pihole-FTL.conf will be read by \fBpihole-FTL(8)\fR on startup.
-.br
-For each setting the option shown first is the default.
-.br
-
-\fBBLOCKINGMODE=IP|IP-AAAA-NODATA|NODATA|NXDOMAIN|NULL\fR
-.br
-    How should FTL reply to blocked queries?
-
-    IP             - Pi-hole's IPs for blocked domains
-
-    IP-AAAA-NODATA - Pi-hole's IP + NODATA-IPv6 for blocked domains
-
-    NODATA         - Using NODATA for blocked domains
-
-    NXDOMAIN       - NXDOMAIN for blocked domains
-
-    NULL           - Null IPs for blocked domains
-.br
-
-\fBCNAME_DEEP_INSPECT=true|false\fR
-.br
-    Use this option to disable deep CNAME inspection. This might be beneficial for very low-end devices.
-.br
-
-\fBBLOCK_ESNI=true|false\fR
-.br
-    Block requests to _esni.* sub-domains.
-.br
-
-\fBMAXLOGAGE=24.0\fR
-.br
-    Up to how many hours of queries should be imported from the database and logs?
-.br
-    Maximum is 744 (31 days)
-.br
-
-\fBPRIVACYLEVEL=0|1|2|3|4\fR
-.br
-    Privacy level used to collect Pi-hole statistics.
-.br
-    0 - show everything
-.br
-    1 - hide domains
-.br
-    2 - hide domains and clients
-.br
-    3 - anonymous mode (hide everything)
-.br
-    4 - disable all statistics
-.br
-
-\fBIGNORE_LOCALHOST=no|yes\fR
-.br
-    Should FTL ignore queries coming from the local machine?
-.br
-
-\fBAAAA_QUERY_ANALYSIS=yes|no\fR
-.br
-    Should FTL analyze AAAA queries?
-.br
-
-\fBANALYZE_ONLY_A_AND_AAAA=false|true\fR
-.br
-    Should FTL only analyze A and AAAA queries?
-.br
-
-\fBSOCKET_LISTENING=localonly|all\fR
-.br
-    Listen only for local socket connections on the API port or permit all connections.
-.br
-
-\fBFTLPORT=4711\fR
-.br
-    On which port should FTL be listening?
-.br
-
-\fBRESOLVE_IPV6=yes|no\fR
-.br
-    Should FTL try to resolve IPv6 addresses to hostnames?
-.br
-
-\fBRESOLVE_IPV4=yes|no\fR
-.br
-    Should FTL try to resolve IPv4 addresses to hostnames?
-.br
-
-\fBDELAY_STARTUP=0\fR
-.br
-    Time in seconds (between 0 and 300) to delay FTL startup.
-.br
-
-\fBNICE=-10\fR
-.br
-    Set the niceness of the Pi-hole FTL process.
-.br
-    Can be disabled altogether by setting a value of -999.
-.br
-
-\fBNAMES_FROM_NETDB=true|false\fR
-.br
-    Control whether FTL should use a fallback option and try to obtain client names from checking the network table.
-.br
-    E.g. IPv6 clients without a hostname will be compared via MAC address to known clients.
-.br
-
-\fB\fBREFRESH_HOSTNAMES=IPV4|ALL|NONE\fR
-.br
-    Change how (and if) hourly PTR requests are made to check for changes in client and upstream server hostnames:
-.br
-    IPV4 - Do the hourly PTR lookups only for IPv4 addresses resolving issues in networks with many short-lived PE IPv6 addresses.
-.br
-    ALL  - Do the hourly PTR lookups for all addresses. This can create a lot of PTR queries in networks with many IPv6 addresses.
-.br
-    NONE - Don't do hourly PTR lookups. Look up hostnames once (when first seeing a client) and never again. Future hostname changes may be missed.
-.br
-
-\fBMAXNETAGE=365\fR
-.br
-    IP addresses (and associated host names) older than the specified number of days are removed.
-.br
-    This avoids dead entries in the network overview table.
-.br
-
-\fBEDNS0_ECS=true|false\fR
-.br
-    Should we overwrite the query source when client information is provided through EDNS0 client subnet (ECS) information?
-.br
-
-\fBPARSE_ARP_CACHE=true|false\fR
-.br
-    Parse ARP cache to fill network overview table.
-.br
-
-\fBDBIMPORT=yes|no\fR
-.br
-    Should FTL load information from the database on startup to be aware of the most recent history?
-.br
-
-\fBMAXDBDAYS=365\fR
-.br
-    How long should queries be stored in the database? Setting this to 0 disables the database
-.br
-
-\fBDBINTERVAL=1.0\fR
-.br
-    How often do we store queries in FTL's database [minutes]?
-.br
-    Accepts value between 0.1 (6 sec) and 1440 (1 day)
-.br
-
-\fBDBFILE=/etc/pihole/pihole-FTL.db\fR
-.br
-    Specify path and filename of FTL's SQLite long-term database.
-.br
-    Setting this to DBFILE= disables the database altogether
-.br
-
-\fBLOGFILE=/var/log/pihole-FTL.log\fR
-.br
-    The location of FTL's log file.
-.br
-
-\fBPIDFILE=/run/pihole-FTL.pid\fR
-.br
-    The file which contains the PID of FTL's main process.
-.br
-
-\fBPORTFILE=/run/pihole-FTL.port\fR
-.br
-    Specify path and filename where the FTL process will write its API port number.
-.br
-
-\fBSOCKETFILE=/run/pihole/FTL.sock\fR
-.br
-    The file containing the socket FTL's API is listening on.
-.br
-
-\fBSETUPVARSFILE=/etc/pihole/setupVars.conf\fR
-.br
-    The config file of Pi-hole containing, e.g., the current blocking status (do not change).
-.br
-
-\fBMACVENDORDB=/etc/pihole/macvendor.db\fR
-.br
-    The database containing MAC -> Vendor information for the network table.
-.br
-
-\fBGRAVITYDB=/etc/pihole/gravity.db\fR
-.br
-    Specify path and filename of FTL's SQLite3 gravity database. This database contains all domains relevant for Pi-hole's DNS blocking.
-.br
-
-\fBDEBUG_ALL=false|true\fR
-.br
-    Enable all debug flags. If this is set to true, all other debug config options are ignored.
-.br
-
-\fBDEBUG_DATABASE=false|true\fR
-.br
-    Print debugging information about database actions such as SQL statements and performance.
-.br
-
-\fBDEBUG_NETWORKING=false|true\fR
-.br
-    Prints a list of the detected network interfaces on the startup of FTL.
-.br
-
-\fBDEBUG_LOCKS=false|true\fR
-.br
-    Print information about shared memory locks.
-.br
-    Messages will be generated when waiting, obtaining, and releasing a lock.
-.br
-
-\fBDEBUG_QUERIES=false|true\fR
-.br
-    Print extensive DNS query information (domains, types, replies, etc.).
-.br
-
-\fBDEBUG_FLAGS=false|true\fR
-.br
-    Print flags of queries received by the DNS hooks.
-.br
-    Only effective when \fBDEBUG_QUERIES\fR is enabled as well.
-
-\fBDEBUG_SHMEM=false|true\fR
-.br
-    Print information about shared memory buffers.
-.br
-    Messages are either about creating or enlarging shmem objects or string injections.
-.br
-
-\fBDEBUG_GC=false|true\fR
-.br
-    Print information about garbage collection (GC):
-.br
-    What is to be removed, how many have been removed and how long did GC take.
-.br
-
-\fBDEBUG_ARP=false|true\fR
-.br
-    Print information about ARP table processing:
-.br
-    How long did parsing take, whether read MAC addresses are valid, and if the macvendor.db file exists.
-.br
-
-\fBDEBUG_REGEX=false|true\fR
-.br
-    Controls if FTL should print extended details about regex matching.
-.br
-
-\fBDEBUG_API=false|true\fR
-.br
-    Print extra debugging information during telnet API calls.
-.br
-    Currently only used to send extra information when getting all queries.
-.br
-
-\fBDEBUG_OVERTIME=false|true\fR
-.br
-    Print information about overTime memory operations, such as initializing or moving overTime slots.
-.br
-
-\fBDEBUG_EXTBLOCKED=false|true\fR
-.br
-    Print information about why FTL decided that certain queries were recognized as being externally blocked.
-.br
-
-\fBDEBUG_CAPS=false|true\fR
-.br
-    Print information about POSIX capabilities granted to the FTL process.
-.br
-    The current capabilities are printed on receipt of SIGHUP i.e. after executing `killall -HUP pihole-FTL`.
-.br
-
-\fBDEBUG_DNSMASQ_LINES=false|true\fR
-.br
-    Print file and line causing a dnsmasq event into FTL's log files.
-.br
-    This is handy to implement additional hooks missing from FTL.
-.br
-
-\fBDEBUG_VECTORS=false|true\fR
-.br
-    FTL uses dynamically allocated vectors for various tasks.
-.br
-    This config option enables extensive debugging information such as information about allocation, referencing, deletion, and appending.
-.br
-
-\fBDEBUG_RESOLVER=false|true\fR
-.br
-    Extensive information about hostname resolution like which DNS servers are used in the first and second hostname resolving tries.
-.br
-
-.SH "SEE ALSO"
-
-\fBpihole\fR(8), \fBpihole-FTL\fR(8)
-.br
-.SH "COLOPHON"
-
-Pi-hole : The Faster-Than-Light (FTL) Engine is a lightweight, purpose-built daemon used to provide statistics needed for the Pi-hole Web Interface, and its API can be easily integrated into your own projects. Although it is an optional component of the Pi-hole ecosystem, it will be installed by default to provide statistics. As the name implies, FTL does its work \fIvery quickly\fR!
-.br
-
-Get sucked into the latest news and community activity by entering Pi-hole's orbit. Information about Pi-hole, and the latest version of the software can be found at https://pi-hole.net
-.br

manpages/pihole.8

@@ -11,8 +11,6 @@ Pi-hole : A black-hole for internet advertisements
 .br
 \fBpihole -a\fR (\fB-c|-f|-k\fR)
 .br
-\fBpihole -a -e\fR email
-.br
 \fBpihole -a -i\fR interface
 .br
 \fBpihole -a -l\fR privacylevel
@@ -25,7 +23,7 @@ Pi-hole : A black-hole for internet advertisements
 .br
 pihole -r
 .br
-pihole -t
+\fBpihole\fR \fB-t\fR [arg]
 .br
 pihole -g\fR
 .br
@@ -56,7 +54,7 @@ Available commands and options:
 
 \fB-w, whitelist\fR [options] [<domain1> <domain2 ...>]
 .br
-    Adds or removes specified domain or domains tho the Whitelist
+    Adds or removes specified domain or domains to the Whitelist
 .br
 
 \fB-b, blacklist\fR [options] [<domain1> <domain2 ...>]
@@ -115,11 +113,15 @@ Available commands and options:
     Reconfigure or Repair Pi-hole subsystems
 .br
 
-\fB-t, tail\fR
+\fB-t, tail\fR [arg]
 .br
     View the live output of the Pi-hole log
 .br
 
+      [arg]             Optional argument to filter the log for
+                        (regular expressions are supported)
+.br
+
 \fB-a, admin\fR [options]
 .br
 
@@ -132,9 +134,6 @@ Available commands and options:
       -f, fahrenheit    Set Fahrenheit as preferred temperature unit
 .br
       -k, kelvin        Set Kelvin as preferred temperature unit
-.br
-      -e, email         Set an administrative contact address for the
-                        Block Page
 .br
       -i, interface     Specify dnsmasq's interface listening behavior
 .br
@@ -187,12 +186,12 @@ Available commands and options:
 
 	(Logging options):
 .br
-      on                Enable the Pi-hole log at /var/log/pihole.log
+      on                Enable the Pi-hole log at /var/log/pihole/pihole.log
 .br
       off               Disable and flush the Pi-hole log at
-                        /var/log/pihole.log
+                        /var/log/pihole/pihole.log
 .br
-      off noflush       Disable the Pi-hole log at /var/log/pihole.log
+      off noflush       Disable the Pi-hole log at /var/log/pihole/pihole.log
 .br
 
 \fB-up, updatePihole\fR [--check-only]

pihole

@@ -16,11 +16,21 @@ readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
 # error due to modifying a readonly variable.
 setupVars="/etc/pihole/setupVars.conf"
 PI_HOLE_BIN_DIR="/usr/local/bin"
-readonly FTL_PID_FILE="/run/pihole-FTL.pid"
 
 readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE"
 source "${colfile}"
 
+utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+source "${utilsfile}"
+
+versionsfile="/etc/pihole/versions"
+if [ -f "${versionsfile}" ]; then
+    # Only source versionsfile if the file exits
+    # fixes a warning during installation where versionsfile does not exist yet
+    # but gravity calls `pihole -status` and thereby sourcing the file
+    source "${versionsfile}"
+fi
+
 webpageFunc() {
   source "${PI_HOLE_SCRIPT_DIR}/webpage.sh"
   main "$@"
@@ -33,19 +43,20 @@ listFunc() {
 }
 
 debugFunc() {
-  local automated
-  local web
+    local automated
+    local web
+    local check_database_integrity
+    # Pull off the `debug` leaving passed call augmentation flags in $1
+    shift
 
-  # Pull off the `debug` leaving passed call augmentation flags in $1
-  shift
-  if [[ "$@" == *"-a"* ]]; then
-    automated="true"
-  fi
-  if [[ "$@" == *"-w"* ]]; then
-    web="true"
-  fi
+    for value in "$@"; do
+        [[ "$value"  == *"-a"* ]] && automated="true"
+        [[ "$value"  == *"-w"* ]] && web="true"
+        [[ "$value"  == *"-c"* ]] && check_database_integrity="true"
+        [[ "$value" == *"--check_database"* ]] && check_database_integrity="true"
+    done
 
-  AUTOMATED=${automated:-} WEBCALL=${web:-} "${PI_HOLE_SCRIPT_DIR}"/piholeDebug.sh
+  AUTOMATED=${automated:-} WEBCALL=${web:-} CHECK_DATABASE=${check_database_integrity:-} "${PI_HOLE_SCRIPT_DIR}"/piholeDebug.sh
   exit 0
 }
 
@@ -60,19 +71,26 @@ arpFunc() {
 }
 
 updatePiholeFunc() {
-  shift
-  "${PI_HOLE_SCRIPT_DIR}"/update.sh "$@"
-  exit 0
+  if [ -n "${DOCKER_VERSION}" ]; then
+    unsupportedFunc
+  else
+    shift
+    "${PI_HOLE_SCRIPT_DIR}"/update.sh "$@"
+    exit 0
+  fi
 }
 
 reconfigurePiholeFunc() {
-  /etc/.pihole/automated\ install/basic-install.sh --reconfigure
-  exit 0;
+  if [ -n "${DOCKER_VERSION}" ]; then
+    unsupportedFunc
+  else
+    /etc/.pihole/automated\ install/basic-install.sh --reconfigure
+    exit 0;
+  fi
 }
 
 updateGravityFunc() {
-  "${PI_HOLE_SCRIPT_DIR}"/gravity.sh "$@"
-  exit $?
+  exec "${PI_HOLE_SCRIPT_DIR}"/gravity.sh "$@"
 }
 
 queryFunc() {
@@ -89,44 +107,34 @@ chronometerFunc() {
 
 
 uninstallFunc() {
-  "${PI_HOLE_SCRIPT_DIR}"/uninstall.sh
-  exit 0
+  if [ -n "${DOCKER_VERSION}" ]; then
+    unsupportedFunc
+  else
+    "${PI_HOLE_SCRIPT_DIR}"/uninstall.sh
+    exit 0
+  fi
 }
 
 versionFunc() {
   shift
-  "${PI_HOLE_SCRIPT_DIR}"/version.sh "$@"
-  exit 0
-}
-
-# Get PID of main pihole-FTL process
-getFTLPID() {
-  local pid
-
-  if [ -s "${FTL_PID_FILE}" ]; then
-    # -s: FILE exists and has a size greater than zero
-    pid="$(<"$FTL_PID_FILE")"
-    # Exploit prevention: unset the variable if there is malicious content
-    # Verify that the value read from the file is numeric
-    [[ "$pid" =~ [^[:digit:]] ]] && unset pid
-  fi
-
-  # If FTL is not running, or the PID file contains malicious stuff, substitute
-  # negative PID to signal this to the caller
-  echo "${pid:=-1}"
+  exec "${PI_HOLE_SCRIPT_DIR}"/version.sh "$@"
 }
 
 restartDNS() {
-  local svcOption svc str output status pid icon
+  local svcOption svc str output status pid icon FTL_PID_FILE
   svcOption="${1:-restart}"
 
+  # get the current path to the pihole-FTL.pid
+  FTL_PID_FILE="$(getFTLPIDFile)"
+
   # Determine if we should reload or restart
   if [[ "${svcOption}" =~ "reload-lists" ]]; then
     # Reloading of the lists has been requested
     # Note 1: This will NOT re-read any *.conf files
     # Note 2: We cannot use killall here as it does
     #         not know about real-time signals
-    pid="$(getFTLPID)"
+
+    pid="$(getFTLPID ${FTL_PID_FILE})"
     if [[ "$pid" -eq "-1" ]]; then
       svc="true"
       str="FTL is not running"
@@ -139,7 +147,7 @@ restartDNS() {
   elif [[ "${svcOption}" =~ "reload" ]]; then
     # Reloading of the DNS cache has been requested
     # Note: This will NOT re-read any *.conf files
-    pid="$(getFTLPID)"
+    pid="$(getFTLPID ${FTL_PID_FILE})"
     if [[ "$pid" -eq "-1" ]]; then
       svc="true"
       str="FTL is not running"
@@ -225,8 +233,7 @@ Time:
       fi
 
       local str="Pi-hole Disabled"
-      sed -i "/BLOCKING_ENABLED=/d" "${setupVars}"
-      echo "BLOCKING_ENABLED=false" >> "${setupVars}"
+      addOrEditKeyValPair "${setupVars}" "BLOCKING_ENABLED" "false"
     fi
   else
     # Enable Pi-hole
@@ -238,11 +245,10 @@ Time:
     echo -e "  ${INFO} Enabling blocking"
     local str="Pi-hole Enabled"
 
-    sed -i "/BLOCKING_ENABLED=/d" "${setupVars}"
-    echo "BLOCKING_ENABLED=true" >> "${setupVars}"
+    addOrEditKeyValPair "${setupVars}" "BLOCKING_ENABLED" "true"
   fi
 
-  restartDNS reload
+  restartDNS reload-lists
 
   echo -e "${OVER}  ${TICK} ${str}"
 }
@@ -255,14 +261,14 @@ Example: 'pihole logging on'
 Specify whether the Pi-hole log should be used
 
 Options:
-  on                  Enable the Pi-hole log at /var/log/pihole.log
-  off                 Disable and flush the Pi-hole log at /var/log/pihole.log
-  off noflush         Disable the Pi-hole log at /var/log/pihole.log"
+  on                  Enable the Pi-hole log at /var/log/pihole/pihole.log
+  off                 Disable and flush the Pi-hole log at /var/log/pihole/pihole.log
+  off noflush         Disable the Pi-hole log at /var/log/pihole/pihole.log"
     exit 0
   elif [[ "${1}" == "off" ]]; then
     # Disable logging
-    sed -i 's/^log-queries/#log-queries/' /etc/dnsmasq.d/01-pihole.conf
-    sed -i 's/^QUERY_LOGGING=true/QUERY_LOGGING=false/' /etc/pihole/setupVars.conf
+    removeKey /etc/dnsmasq.d/01-pihole.conf "log-queries"
+    addOrEditKeyValPair "${setupVars}" "QUERY_LOGGING" "false"
     if [[ "${2}" != "noflush" ]]; then
       # Flush logs
       "${PI_HOLE_BIN_DIR}"/pihole -f
@@ -271,8 +277,8 @@ Options:
     local str="Logging has been disabled!"
   elif [[ "${1}" == "on" ]]; then
     # Enable logging
-    sed -i 's/^#log-queries/log-queries/' /etc/dnsmasq.d/01-pihole.conf
-    sed -i 's/^QUERY_LOGGING=false/QUERY_LOGGING=true/' /etc/pihole/setupVars.conf
+    addKey /etc/dnsmasq.d/01-pihole.conf "log-queries"
+    addOrEditKeyValPair "${setupVars}" "QUERY_LOGGING" "true"
     echo -e "  ${INFO} Enabling logging..."
     local str="Logging has been enabled!"
   else
@@ -285,27 +291,29 @@ Options:
 }
 
 analyze_ports() {
+  local lv4 lv6 port=${1}
   # FTL is listening at least on at least one port when this
   # function is getting called
-  echo -e "  ${TICK} DNS service is listening"
   # Check individual address family/protocol combinations
   # For a healthy Pi-hole, they should all be up (nothing printed)
-  if grep -q "IPv4.*UDP" <<< "${1}"; then
+  lv4="$(ss --ipv4 --listening --numeric --tcp --udp src :${port})"
+  if grep -q "udp " <<< "${lv4}"; then
       echo -e "     ${TICK} UDP (IPv4)"
   else
       echo -e "     ${CROSS} UDP (IPv4)"
   fi
-  if grep -q "IPv4.*TCP" <<< "${1}"; then
+  if grep -q "tcp " <<< "${lv4}"; then
       echo -e "     ${TICK} TCP (IPv4)"
   else
       echo -e "     ${CROSS} TCP (IPv4)"
   fi
-  if grep -q "IPv6.*UDP" <<< "${1}"; then
+  lv6="$(ss --ipv6 --listening --numeric --tcp --udp src :${port})"
+  if grep -q "udp " <<< "${lv6}"; then
       echo -e "     ${TICK} UDP (IPv6)"
   else
       echo -e "     ${CROSS} UDP (IPv6)"
   fi
-  if grep -q "IPv6.*TCP" <<< "${1}"; then
+  if grep -q "tcp " <<< "${lv6}"; then
       echo -e "     ${TICK} TCP (IPv6)"
   else
       echo -e "     ${CROSS} TCP (IPv6)"
@@ -314,20 +322,36 @@ analyze_ports() {
 }
 
 statusFunc() {
-  # Determine if there is a pihole service is listening on port 53
-  local listening
-  listening="$(lsof -Pni:53)"
-  if grep -q "pihole" <<< "${listening}"; then
-    if [[ "${1}" != "web" ]]; then
-      analyze_ports "${listening}"
+    # Determine if there is pihole-FTL service is listening
+    local pid port ftl_api_port ftl_pid_file
+
+    ftl_pid_file="$(getFTLPIDFile)"
+
+    pid="$(getFTLPID ${ftl_pid_file})"
+
+    ftl_api_port="$(getFTLAPIPort)"
+    if [[ "$pid" -eq "-1" ]]; then
+        case "${1}" in
+            "web") echo "-1";;
+            *) echo -e "  ${CROSS} DNS service is NOT running";;
+        esac
+        return 0
+    else
+        #get the DNS port pihole-FTL is listening on by using FTL's telnet API
+        port="$(echo ">dns-port >quit" | nc 127.0.0.1 "$ftl_api_port")"
+        if [[ "${port}" == "0" ]]; then
+            case "${1}" in
+                "web") echo "-1";;
+                *) echo -e "  ${CROSS} DNS service is NOT listening";;
+            esac
+            return 0
+        else
+            if [[ "${1}" != "web" ]]; then
+                echo -e "  ${TICK} FTL is listening on port ${port}"
+                analyze_ports "${port}"
+            fi
+        fi
     fi
-  else
-    case "${1}" in
-      "web") echo "-1";;
-      *) echo -e "  ${CROSS} DNS service is NOT listening";;
-    esac
-    return 0
-  fi
 
   # Determine if Pi-hole's blocking is enabled
   if grep -q "BLOCKING_ENABLED=false" /etc/pihole/setupVars.conf; then
@@ -339,18 +363,19 @@ statusFunc() {
   elif grep -q "BLOCKING_ENABLED=true" /etc/pihole/setupVars.conf;  then
     # Configs are set
     case "${1}" in
-      "web") echo 1;;
+      "web") echo "$port";;
       *) echo -e "  ${TICK} Pi-hole blocking is enabled";;
     esac
   else
     # No configs were found
     case "${1}" in
-      "web") echo 99;;
+      "web") echo -2;;
       *) echo -e "  ${INFO} Pi-hole blocking will be enabled";;
     esac
     # Enable blocking
     "${PI_HOLE_BIN_DIR}"/pihole enable
   fi
+exit 0
 }
 
 tailFunc() {
@@ -363,16 +388,13 @@ tailFunc() {
   fi
   echo -e "  ${INFO} Press Ctrl-C to exit"
 
-  # Retrieve IPv4/6 addresses
-  source /etc/pihole/setupVars.conf
-
   # Strip date from each line
   # Color blocklist/blacklist/wildcard entries as red
   # Color A/AAAA/DHCP strings as white
   # Color everything else as gray
-  tail -f /var/log/pihole.log | sed -E \
+  tail -f /var/log/pihole/pihole.log | grep --line-buffered "${1}" | sed -E \
     -e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \
-    -e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \
+    -e "s,(.*(blacklisted |gravity blocked ).*),${COL_RED}&${COL_NC}," \
     -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \
     -e "s,.*,${COL_GRAY}&${COL_NC},"
   exit 0
@@ -402,34 +424,24 @@ Branches:
 }
 
 tricorderFunc() {
+  local tricorder_token
   if [[ ! -p "/dev/stdin" ]]; then
     echo -e "  ${INFO} Please do not call Tricorder directly"
     exit 1
   fi
 
-  if ! (echo > /dev/tcp/tricorder.pi-hole.net/9998) >/dev/null 2>&1; then
-    echo -e "  ${CROSS} Unable to connect to Pi-hole's Tricorder server"
-    exit 1
-  fi
-
-  if command -v openssl &> /dev/null; then
-    openssl s_client -quiet -connect tricorder.pi-hole.net:9998 2> /dev/null < /dev/stdin
-    exit "$?"
-  else
-    echo -e "  ${INFO} ${COL_YELLOW}Security Notice${COL_NC}: ${COL_WHITE}openssl${COL_NC} is not installed
-       Your debug log will be transmitted unencrypted via plain-text
-       There is a possibility that this could be intercepted by a third party
-       If you wish to cancel, press Ctrl-C to exit within 10 seconds"
-    secs="10"
-    while [[ "$secs" -gt "0" ]]; do
-       echo -ne "."
-       sleep 1
-       : $((secs--))
-    done
-    echo " "
-    nc tricorder.pi-hole.net 9999 < /dev/stdin
-    exit "$?"
+  tricorder_token=$(curl --silent --fail --show-error --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin 2>&1)
+  if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then
+      echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance."
+      # Log curl error (if available)
+      if [ -n "${tricorder_token}" ]; then
+          echo -e "${INFO} Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n"
+          tricorder_token=""
+      fi
+      exit 1
   fi
+  echo "Upload successful, your token is: ${COL_GREEN}${tricorder_token}${COL_NC}"
+  exit 0
 }
 
 updateCheckFunc() {
@@ -437,6 +449,11 @@ updateCheckFunc() {
   exit 0
 }
 
+unsupportedFunc(){
+  echo "Function not supported in Docker images"
+  exit 0
+}
+
 helpFunc() {
   echo "Usage: pihole [options]
 Example: 'pihole -w -h'
@@ -453,10 +470,14 @@ Whitelist/Blacklist Options:
 
 Debugging Options:
   -d, debug           Start a debugging session
+                        Add '-c' or '--check-database' to include a Pi-hole database integrity check
                         Add '-a' to automatically upload the log to tricorder.pi-hole.net
   -f, flush           Flush the Pi-hole log
   -r, reconfigure     Reconfigure or Repair Pi-hole subsystems
-  -t, tail            View the live output of the Pi-hole log
+  -t, tail [arg]      View the live output of the Pi-hole log.
+                      Add an optional argument to filter the log
+                      (regular expressions are supported)
+
 
 Options:
   -a, admin           Web interface options
@@ -491,8 +512,39 @@ if [[ $# = 0 ]]; then
   helpFunc
 fi
 
+# functions that do not require sudo power
 case "${1}" in
   "-h" | "help" | "--help"      ) helpFunc;;
+  "-v" | "version"              ) versionFunc "$@";;
+  "-c" | "chronometer"          ) chronometerFunc "$@";;
+  "-q" | "query"                ) queryFunc "$@";;
+  "status"                      ) statusFunc "$2";;
+
+  "tricorder"                   ) tricorderFunc;;
+
+  # we need to add all arguments that require sudo power to not trigger the * argument
+  "-w" | "whitelist"            ) ;;
+  "-b" | "blacklist"            ) ;;
+  "--wild" | "wildcard"         ) ;;
+  "--regex" | "regex"           ) ;;
+  "--white-regex" | "white-regex" ) ;;
+  "--white-wild" | "white-wild"   ) ;;
+  "-f" | "flush"                ) ;;
+  "-up" | "updatePihole"        ) ;;
+  "-r"  | "reconfigure"         ) ;;
+  "-g" | "updateGravity"        ) ;;
+  "-l" | "logging"              ) ;;
+  "uninstall"                   ) ;;
+  "enable"                      ) ;;
+  "disable"                     ) ;;
+  "-d" | "debug"                ) ;;
+  "restartdns"                  ) ;;
+  "-a" | "admin"                ) ;;
+  "checkout"                    ) ;;
+  "updatechecker"               ) ;;
+  "arpflush"                    ) ;;
+  "-t" | "tail"                 ) ;;
+  *                             ) helpFunc;;
 esac
 
 # Must be root to use this tool
@@ -519,21 +571,14 @@ case "${1}" in
   "-up" | "updatePihole"        ) updatePiholeFunc "$@";;
   "-r"  | "reconfigure"         ) reconfigurePiholeFunc;;
   "-g" | "updateGravity"        ) updateGravityFunc "$@";;
-  "-c" | "chronometer"          ) chronometerFunc "$@";;
-  "-h" | "help"                 ) helpFunc;;
-  "-v" | "version"              ) versionFunc "$@";;
-  "-q" | "query"                ) queryFunc "$@";;
   "-l" | "logging"              ) piholeLogging "$@";;
   "uninstall"                   ) uninstallFunc;;
   "enable"                      ) piholeEnable 1;;
   "disable"                     ) piholeEnable 0 "$2";;
-  "status"                      ) statusFunc "$2";;
   "restartdns"                  ) restartDNS "$2";;
   "-a" | "admin"                ) webpageFunc "$@";;
-  "-t" | "tail"                 ) tailFunc;;
   "checkout"                    ) piholeCheckoutFunc "$@";;
-  "tricorder"                   ) tricorderFunc;;
-  "updatechecker"               ) updateCheckFunc "$@";;
+  "updatechecker"               ) shift; updateCheckFunc "$@";;
   "arpflush"                    ) arpFunc "$@";;
-  *                             ) helpFunc;;
+  "-t" | "tail"                 ) tailFunc "$2";;
 esac

supportedos.txt

@@ -1,5 +0,0 @@
-Raspbian=9,10
-Ubuntu=16,18,20
-Debian=9,10
-Fedora=32,33
-CentOS=7,8

test/README.md

@@ -18,8 +18,8 @@ py.test -vv -n auto -m "build_stage"
 py.test -vv -n auto -m "not build_stage"
 ```
 
-The build_stage tests have to run first to create the docker images, followed by the actual tests which utilize said images.  Unless you're changing your dockerfiles you shouldn't have to run the build_stage every time - but it's a good idea to rebuild at least once a day in case the base Docker images or packages change.
+The build_stage tests have to run first to create the docker images, followed by the actual tests which utilize said images. Unless you're changing your dockerfiles you shouldn't have to run the build_stage every time - but it's a good idea to rebuild at least once a day in case the base Docker images or packages change.
 
 # How do I debug python?
 
-Highly recommended: Setup PyCharm on a **Docker enabled** machine.  Having a python debugger like PyCharm changes your life if you've never used it :)
+Highly recommended: Setup PyCharm on a **Docker enabled** machine. Having a python debugger like PyCharm changes your life if you've never used it :)

test/_centos_8.Dockerfile

@@ -1,4 +1,5 @@
-FROM centos:8
+FROM quay.io/centos/centos:stream8
+RUN yum install -y git initscripts
 
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
@@ -11,6 +12,7 @@ ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV PH_TEST true
+ENV SKIP_INSTALL true
+ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_centos_9.Dockerfile

@@ -0,0 +1,18 @@
+FROM quay.io/centos/centos:stream9
+RUN yum install -y --allowerasing curl git initscripts
+
+ENV GITDIR /etc/.pihole
+ENV SCRIPTDIR /opt/pihole
+
+RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
+ADD . $GITDIR
+RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
+ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
+
+RUN true && \
+    chmod +x $SCRIPTDIR/*
+
+ENV SKIP_INSTALL true
+ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
+
+#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_debian_10.Dockerfile

@@ -11,6 +11,7 @@ ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV PH_TEST true
+ENV SKIP_INSTALL true
+ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_debian_11.Dockerfile

@@ -1,4 +1,4 @@
-FROM fedora:33
+FROM buildpack-deps:bullseye-scm
 
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
@@ -11,6 +11,7 @@ ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV PH_TEST true
+ENV SKIP_INSTALL true
+ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_fedora_36.Dockerfile

@@ -1,4 +1,5 @@
-FROM centos:7
+FROM fedora:36
+RUN dnf install -y git initscripts
 
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
@@ -11,6 +12,7 @@ ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV PH_TEST true
+ENV SKIP_INSTALL true
+ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_fedora_37.Dockerfile

@@ -1,4 +1,5 @@
-FROM buildpack-deps:stretch-scm
+FROM fedora:37
+RUN dnf install -y git initscripts
 
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
@@ -11,6 +12,7 @@ ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV PH_TEST true
+ENV SKIP_INSTALL true
+ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_ubuntu_16.Dockerfile

@@ -1,16 +0,0 @@
-FROM buildpack-deps:xenial-scm
-
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
-
-RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
-ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
-
-RUN true && \
-    chmod +x $SCRIPTDIR/*
-
-ENV PH_TEST true
-
-#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_ubuntu_18.Dockerfile

@@ -1,16 +0,0 @@
-FROM buildpack-deps:bionic-scm
-
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
-
-RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
-ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
-
-RUN true && \
-    chmod +x $SCRIPTDIR/*
-
-ENV PH_TEST true
-
-#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_ubuntu_20.Dockerfile

@@ -12,6 +12,7 @@ ENV DEBIAN_FRONTEND=noninteractive
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV PH_TEST true
+ENV SKIP_INSTALL true
+ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_ubuntu_22.Dockerfile

@@ -1,4 +1,4 @@
-FROM fedora:32
+FROM buildpack-deps:jammy-scm
 
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
@@ -7,10 +7,12 @@ RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
 ADD . $GITDIR
 RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
 ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
+ENV DEBIAN_FRONTEND=noninteractive
 
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV PH_TEST true
+ENV SKIP_INSTALL true
+ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/conftest.py

@@ -1,153 +1,224 @@
 import pytest
 import testinfra
+import testinfra.backend.docker
+import subprocess
 from textwrap import dedent
 
-check_output = testinfra.get_backend(
-    "local://"
-).get_module("Command").check_output
 
 SETUPVARS = {
-    'PIHOLE_INTERFACE': 'eth99',
-    'IPV4_ADDRESS': '1.1.1.1',
-    'IPV6_ADDRESS': 'FE80::240:D0FF:FE48:4672',
-    'PIHOLE_DNS_1': '4.2.2.1',
-    'PIHOLE_DNS_2': '4.2.2.2'
+    "PIHOLE_INTERFACE": "eth99",
+    "PIHOLE_DNS_1": "4.2.2.1",
+    "PIHOLE_DNS_2": "4.2.2.2",
 }
 
+IMAGE = "pytest_pihole:test_container"
+
 tick_box = "[\x1b[1;32m\u2713\x1b[0m]"
 cross_box = "[\x1b[1;31m\u2717\x1b[0m]"
 info_box = "[i]"
 
 
-@pytest.fixture
-def Pihole(Docker):
-    '''
-    used to contain some script stubbing, now pretty much an alias.
-    Also provides bash as the default run function shell
-    '''
-    def run_bash(self, command, *args, **kwargs):
-        cmd = self.get_command(command, *args)
-        if self.user is not None:
-            out = self.run_local(
-                "docker exec -u %s %s /bin/bash -c %s",
-                self.user, self.name, cmd)
-        else:
-            out = self.run_local(
-                "docker exec %s /bin/bash -c %s", self.name, cmd)
-        out.command = self.encode(cmd)
-        return out
+# Monkeypatch sh to bash, if they ever support non hard code /bin/sh this can go away
+# https://github.com/pytest-dev/pytest-testinfra/blob/master/testinfra/backend/docker.py
+def run_bash(self, command, *args, **kwargs):
+    cmd = self.get_command(command, *args)
+    if self.user is not None:
+        out = self.run_local(
+            "docker exec -u %s %s /bin/bash -c %s", self.user, self.name, cmd
+        )
+    else:
+        out = self.run_local("docker exec %s /bin/bash -c %s", self.name, cmd)
+    out.command = self.encode(cmd)
+    return out
 
-    funcType = type(Docker.run)
-    Docker.run = funcType(run_bash, Docker)
-    return Docker
+
+testinfra.backend.docker.DockerBackend.run = run_bash
 
 
 @pytest.fixture
-def Docker(request, args, image, cmd):
-    '''
-    combine our fixtures into a docker run command and setup finalizer to
-    cleanup
-    '''
-    assert 'docker' in check_output('id'), "Are you in the docker group?"
-    docker_run = "docker run {} {} {}".format(args, image, cmd)
-    docker_id = check_output(docker_run)
+def host():
+    # run a container
+    docker_id = (
+        subprocess.check_output(["docker", "run", "-t", "-d", "--cap-add=ALL", IMAGE])
+        .decode()
+        .strip()
+    )
 
-    def teardown():
-        check_output("docker rm -f %s", docker_id)
-    request.addfinalizer(teardown)
+    # return a testinfra connection to the container
+    docker_host = testinfra.get_host("docker://" + docker_id)
 
-    docker_container = testinfra.get_backend("docker://" + docker_id)
-    docker_container.id = docker_id
-    return docker_container
-
-
-@pytest.fixture
-def args(request):
-    '''
-    -t became required when tput began being used
-    '''
-    return '-t -d'
-
-
-@pytest.fixture(params=[
-    'test_container'
-])
-def tag(request):
-    '''
-    consumed by image to make the test matrix
-    '''
-    return request.param
-
-
-@pytest.fixture()
-def image(request, tag):
-    '''
-    built by test_000_build_containers.py
-    '''
-    return 'pytest_pihole:{}'.format(tag)
-
-
-@pytest.fixture()
-def cmd(request):
-    '''
-    default to doing nothing by tailing null, but don't exit
-    '''
-    return 'tail -f /dev/null'
+    yield docker_host
+    # at the end of the test suite, destroy the container
+    subprocess.check_call(["docker", "rm", "-f", docker_id])
 
 
 # Helper functions
 def mock_command(script, args, container):
-    '''
+    """
     Allows for setup of commands we don't really want to have to run for real
     in unit tests
-    '''
-    full_script_path = '/usr/local/bin/{}'.format(script)
-    mock_script = dedent('''\
+    """
+    full_script_path = "/usr/local/bin/{}".format(script)
+    mock_script = dedent(
+        r"""\
     #!/bin/bash -e
     echo "\$0 \$@" >> /var/log/{script}
-    case "\$1" in'''.format(script=script))
+    case "\$1" in""".format(
+            script=script
+        )
+    )
     for k, v in args.items():
-        case = dedent('''
+        case = dedent(
+            """
         {arg})
         echo {res}
         exit {retcode}
-        ;;'''.format(arg=k, res=v[0], retcode=v[1]))
+        ;;""".format(
+                arg=k, res=v[0], retcode=v[1]
+            )
+        )
         mock_script += case
-    mock_script += dedent('''
-    esac''')
-    container.run('''
+    mock_script += dedent(
+        """
+    esac"""
+    )
+    container.run(
+        """
     cat <<EOF> {script}\n{content}\nEOF
     chmod +x {script}
-    rm -f /var/log/{scriptlog}'''.format(script=full_script_path,
-                                         content=mock_script,
-                                         scriptlog=script))
+    rm -f /var/log/{scriptlog}""".format(
+            script=full_script_path, content=mock_script, scriptlog=script
+        )
+    )
+
+
+def mock_command_passthrough(script, args, container):
+    """
+    Per other mock_command* functions, allows intercepting of commands we don't want to run for real
+    in unit tests, however also allows only specific arguments to be mocked. Anything not defined will
+    be passed through to the actual command.
+
+    Example use-case: mocking `git pull` but still allowing `git clone` to work as intended
+    """
+    orig_script_path = container.check_output("command -v {}".format(script))
+    full_script_path = "/usr/local/bin/{}".format(script)
+    mock_script = dedent(
+        r"""\
+    #!/bin/bash -e
+    echo "\$0 \$@" >> /var/log/{script}
+    case "\$1" in""".format(
+            script=script
+        )
+    )
+    for k, v in args.items():
+        case = dedent(
+            """
+        {arg})
+        echo {res}
+        exit {retcode}
+        ;;""".format(
+                arg=k, res=v[0], retcode=v[1]
+            )
+        )
+        mock_script += case
+    mock_script += dedent(
+        r"""
+    *)
+    {orig_script_path} "\$@"
+    ;;""".format(
+            orig_script_path=orig_script_path
+        )
+    )
+    mock_script += dedent(
+        """
+    esac"""
+    )
+    container.run(
+        """
+    cat <<EOF> {script}\n{content}\nEOF
+    chmod +x {script}
+    rm -f /var/log/{scriptlog}""".format(
+            script=full_script_path, content=mock_script, scriptlog=script
+        )
+    )
+
+
+def mock_command_run(script, args, container):
+    """
+    Allows for setup of commands we don't really want to have to run for real
+    in unit tests
+    """
+    full_script_path = "/usr/local/bin/{}".format(script)
+    mock_script = dedent(
+        r"""\
+    #!/bin/bash -e
+    echo "\$0 \$@" >> /var/log/{script}
+    case "\$1 \$2" in""".format(
+            script=script
+        )
+    )
+    for k, v in args.items():
+        case = dedent(
+            """
+        \"{arg}\")
+        echo {res}
+        exit {retcode}
+        ;;""".format(
+                arg=k, res=v[0], retcode=v[1]
+            )
+        )
+        mock_script += case
+    mock_script += dedent(
+        """
+    esac"""
+    )
+    container.run(
+        """
+    cat <<EOF> {script}\n{content}\nEOF
+    chmod +x {script}
+    rm -f /var/log/{scriptlog}""".format(
+            script=full_script_path, content=mock_script, scriptlog=script
+        )
+    )
 
 
 def mock_command_2(script, args, container):
-    '''
+    """
     Allows for setup of commands we don't really want to have to run for real
     in unit tests
-    '''
-    full_script_path = '/usr/local/bin/{}'.format(script)
-    mock_script = dedent('''\
+    """
+    full_script_path = "/usr/local/bin/{}".format(script)
+    mock_script = dedent(
+        r"""\
     #!/bin/bash -e
     echo "\$0 \$@" >> /var/log/{script}
-    case "\$1 \$2" in'''.format(script=script))
+    case "\$1 \$2" in""".format(
+            script=script
+        )
+    )
     for k, v in args.items():
-        case = dedent('''
+        case = dedent(
+            """
         \"{arg}\")
         echo \"{res}\"
         exit {retcode}
-        ;;'''.format(arg=k, res=v[0], retcode=v[1]))
+        ;;""".format(
+                arg=k, res=v[0], retcode=v[1]
+            )
+        )
         mock_script += case
-    mock_script += dedent('''
-    esac''')
-    container.run('''
+    mock_script += dedent(
+        """
+    esac"""
+    )
+    container.run(
+        """
     cat <<EOF> {script}\n{content}\nEOF
     chmod +x {script}
-    rm -f /var/log/{scriptlog}'''.format(script=full_script_path,
-                                         content=mock_script,
-                                         scriptlog=script))
+    rm -f /var/log/{scriptlog}""".format(
+            script=full_script_path, content=mock_script, scriptlog=script
+        )
+    )
 
 
 def run_script(Pihole, script):

test/requirements.txt

@@ -1,6 +1,6 @@
-docker-compose==1.23.2
-pytest==4.3.0
-pytest-xdist==1.26.1
-pytest-cov==2.6.1
-testinfra==1.19.0
-tox==3.7.0
+docker-compose == 1.29.2
+pytest == 7.2.2
+pytest-xdist == 3.2.1
+pytest-testinfra == 7.0.0
+tox == 4.4.7
+

test/setup.py

@@ -1,6 +1,7 @@
 from setuptools import setup
 
 setup(
-    setup_requires=['pytest-runner'],
-    tests_require=['pytest'],
+    py_modules=[],
+    setup_requires=["pytest-runner"],
+    tests_require=["pytest"],
 )

test/test_any_utils.py

@@ -0,0 +1,188 @@
+def test_key_val_replacement_works(host):
+    """Confirms addOrEditKeyValPair either adds or replaces a key value pair in a given file"""
+    host.run(
+        """
+    source /opt/pihole/utils.sh
+    addOrEditKeyValPair "./testoutput" "KEY_ONE" "value1"
+    addOrEditKeyValPair "./testoutput" "KEY_TWO" "value2"
+    addOrEditKeyValPair "./testoutput" "KEY_ONE" "value3"
+    addOrEditKeyValPair "./testoutput" "KEY_FOUR" "value4"
+    """
+    )
+    output = host.run(
+        """
+    cat ./testoutput
+    """
+    )
+    expected_stdout = "KEY_ONE=value3\nKEY_TWO=value2\nKEY_FOUR=value4\n"
+    assert expected_stdout == output.stdout
+
+
+def test_key_addition_works(host):
+    """Confirms addKey adds a key (no value) to a file without duplicating it"""
+    host.run(
+        """
+    source /opt/pihole/utils.sh
+    addKey "./testoutput" "KEY_ONE"
+    addKey "./testoutput" "KEY_ONE"
+    addKey "./testoutput" "KEY_TWO"
+    addKey "./testoutput" "KEY_TWO"
+    addKey "./testoutput" "KEY_THREE"
+    addKey "./testoutput" "KEY_THREE"
+    """
+    )
+    output = host.run(
+        """
+    cat ./testoutput
+    """
+    )
+    expected_stdout = "KEY_ONE\nKEY_TWO\nKEY_THREE\n"
+    assert expected_stdout == output.stdout
+
+
+def test_key_addition_substr(host):
+    """Confirms addKey adds substring keys (no value) to a file"""
+    host.run(
+        """
+    source /opt/pihole/utils.sh
+    addKey "./testoutput" "KEY_ONE"
+    addKey "./testoutput" "KEY_O"
+    addKey "./testoutput" "KEY_TWO"
+    addKey "./testoutput" "Y_TWO"
+    """
+    )
+    output = host.run(
+        """
+    cat ./testoutput
+    """
+    )
+    expected_stdout = "KEY_ONE\nKEY_O\nKEY_TWO\nY_TWO\n"
+    assert expected_stdout == output.stdout
+
+
+def test_key_removal_works(host):
+    """Confirms removeKey removes a key or key/value pair"""
+    host.run(
+        """
+    source /opt/pihole/utils.sh
+    addOrEditKeyValPair "./testoutput" "KEY_ONE" "value1"
+    addOrEditKeyValPair "./testoutput" "KEY_TWO" "value2"
+    addOrEditKeyValPair "./testoutput" "KEY_THREE" "value3"
+    addKey "./testoutput" "KEY_FOUR"
+    removeKey "./testoutput" "KEY_TWO"
+    removeKey "./testoutput" "KEY_FOUR"
+    """
+    )
+    output = host.run(
+        """
+    cat ./testoutput
+    """
+    )
+    expected_stdout = "KEY_ONE=value1\nKEY_THREE=value3\n"
+    assert expected_stdout == output.stdout
+
+
+def test_get_value_works(host):
+    """Confirms getVal returns the correct value for a given key"""
+    output = host.run(
+        """
+    source /opt/pihole/utils.sh
+    echo "Somekey=xxx" >> /tmp/testfile
+    echo "#Testkey=1234" >> /tmp/testfile
+    echo "Testkey=5678" >> /tmp/testfile
+    echo "Testkey=abcd" >> /tmp/testfile
+    getVal "/tmp/testfile" "Testkey"
+    """
+    )
+    expected_stdout = "5678"
+    assert expected_stdout == output.stdout
+
+
+def test_getFTLAPIPort_default(host):
+    """Confirms getFTLAPIPort returns the default API port"""
+    output = host.run(
+        """
+    source /opt/pihole/utils.sh
+    getFTLAPIPort
+    """
+    )
+    expected_stdout = "4711\n"
+    assert expected_stdout == output.stdout
+
+
+def test_getFTLAPIPort_custom(host):
+    """Confirms getFTLAPIPort returns a custom API port"""
+    host.run(
+        """
+    echo "FTLPORT=1234" > /etc/pihole/pihole-FTL.conf
+    """
+    )
+    output = host.run(
+        """
+    source /opt/pihole/utils.sh
+    getFTLAPIPort
+    """
+    )
+    expected_stdout = "1234\n"
+    assert expected_stdout == output.stdout
+
+
+def test_getFTLAPIPort_malicious(host):
+    """Confirms getFTLAPIPort returns 4711 if the setting in pihole-FTL.conf contains non-digits"""
+    host.run(
+        """
+    echo "FTLPORT=*$ssdfsd" > /etc/pihole/pihole-FTL.conf
+    """
+    )
+    output = host.run(
+        """
+    source /opt/pihole/utils.sh
+    getFTLAPIPort
+    """
+    )
+    expected_stdout = "4711\n"
+    assert expected_stdout == output.stdout
+
+
+def test_getFTLPIDFile_default(host):
+    """Confirms getFTLPIDFile returns the default PID file path"""
+    output = host.run(
+        """
+    source /opt/pihole/utils.sh
+    getFTLPIDFile
+    """
+    )
+    expected_stdout = "/run/pihole-FTL.pid\n"
+    assert expected_stdout == output.stdout
+
+
+def test_getFTLPID_default(host):
+    """Confirms getFTLPID returns the default value if FTL is not running"""
+    output = host.run(
+        """
+    source /opt/pihole/utils.sh
+    getFTLPID
+    """
+    )
+    expected_stdout = "-1\n"
+    assert expected_stdout == output.stdout
+
+
+def test_getFTLPIDFile_and_getFTLPID_custom(host):
+    """Confirms getFTLPIDFile returns a custom PID file path"""
+    host.run(
+        """
+    tmpfile=$(mktemp)
+    echo "PIDFILE=${tmpfile}" > /etc/pihole/pihole-FTL.conf
+    echo "1234" > ${tmpfile}
+    """
+    )
+    output = host.run(
+        """
+    source /opt/pihole/utils.sh
+    FTL_PID_FILE=$(getFTLPIDFile)
+    getFTLPID "${FTL_PID_FILE}"
+    """
+    )
+    expected_stdout = "1234\n"
+    assert expected_stdout == output.stdout

test/test_automated_install.py

@@ -1,599 +0,0 @@
-from textwrap import dedent
-import re
-from .conftest import (
-    SETUPVARS,
-    tick_box,
-    info_box,
-    cross_box,
-    mock_command,
-    mock_command_2,
-    run_script
-)
-
-
-def test_supported_operating_system(Pihole):
-    '''
-    confirm installer exists on unsupported distribution
-    '''
-    # break supported package managers to emulate an unsupported distribution
-    Pihole.run('rm -rf /usr/bin/apt-get')
-    Pihole.run('rm -rf /usr/bin/rpm')
-    distro_check = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    distro_check
-    ''')
-    expected_stdout = cross_box + ' OS distribution not supported'
-    assert expected_stdout in distro_check.stdout
-    # assert distro_check.rc == 1
-
-
-def test_setupVars_are_sourced_to_global_scope(Pihole):
-    '''
-    currently update_dialogs sources setupVars with a dot,
-    then various other functions use the variables.
-    This confirms the sourced variables are in scope between functions
-    '''
-    setup_var_file = 'cat <<EOF> /etc/pihole/setupVars.conf\n'
-    for k, v in SETUPVARS.items():
-        setup_var_file += "{}={}\n".format(k, v)
-    setup_var_file += "EOF\n"
-    Pihole.run(setup_var_file)
-
-    script = dedent('''\
-    set -e
-    printSetupVars() {
-        # Currently debug test function only
-        echo "Outputting sourced variables"
-        echo "PIHOLE_INTERFACE=${PIHOLE_INTERFACE}"
-        echo "IPV4_ADDRESS=${IPV4_ADDRESS}"
-        echo "IPV6_ADDRESS=${IPV6_ADDRESS}"
-        echo "PIHOLE_DNS_1=${PIHOLE_DNS_1}"
-        echo "PIHOLE_DNS_2=${PIHOLE_DNS_2}"
-    }
-    update_dialogs() {
-        . /etc/pihole/setupVars.conf
-    }
-    update_dialogs
-    printSetupVars
-    ''')
-
-    output = run_script(Pihole, script).stdout
-
-    for k, v in SETUPVARS.items():
-        assert "{}={}".format(k, v) in output
-
-
-def test_setupVars_saved_to_file(Pihole):
-    '''
-    confirm saved settings are written to a file for future updates to re-use
-    '''
-    # dedent works better with this and padding matching script below
-    set_setup_vars = '\n'
-    for k, v in SETUPVARS.items():
-        set_setup_vars += "    {}={}\n".format(k, v)
-    Pihole.run(set_setup_vars).stdout
-
-    script = dedent('''\
-    set -e
-    echo start
-    TERM=xterm
-    source /opt/pihole/basic-install.sh
-    {}
-    mkdir -p /etc/dnsmasq.d
-    version_check_dnsmasq
-    echo "" > /etc/pihole/pihole-FTL.conf
-    finalExports
-    cat /etc/pihole/setupVars.conf
-    '''.format(set_setup_vars))
-
-    output = run_script(Pihole, script).stdout
-
-    for k, v in SETUPVARS.items():
-        assert "{}={}".format(k, v) in output
-
-
-def test_selinux_not_detected(Pihole):
-    '''
-    confirms installer continues when SELinux configuration file does not exist
-    '''
-    check_selinux = Pihole.run('''
-    rm -f /etc/selinux/config
-    source /opt/pihole/basic-install.sh
-    checkSelinux
-    ''')
-    expected_stdout = info_box + ' SELinux not detected'
-    assert expected_stdout in check_selinux.stdout
-    assert check_selinux.rc == 0
-
-
-def test_installPiholeWeb_fresh_install_no_errors(Pihole):
-    '''
-    confirms all web page assets from Core repo are installed on a fresh build
-    '''
-    installWeb = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    installPiholeWeb
-    ''')
-    expected_stdout = info_box + ' Installing blocking page...'
-    assert expected_stdout in installWeb.stdout
-    expected_stdout = tick_box + (' Creating directory for blocking page, '
-                                  'and copying files')
-    assert expected_stdout in installWeb.stdout
-    expected_stdout = info_box + ' Backing up index.lighttpd.html'
-    assert expected_stdout in installWeb.stdout
-    expected_stdout = ('No default index.lighttpd.html file found... '
-                       'not backing up')
-    assert expected_stdout in installWeb.stdout
-    expected_stdout = tick_box + ' Installing sudoer file'
-    assert expected_stdout in installWeb.stdout
-    web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
-    assert 'index.php' in web_directory
-    assert 'blockingpage.css' in web_directory
-
-
-def test_update_package_cache_success_no_errors(Pihole):
-    '''
-    confirms package cache was updated without any errors
-    '''
-    updateCache = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    distro_check
-    update_package_cache
-    ''')
-    expected_stdout = tick_box + ' Update local cache of available packages'
-    assert expected_stdout in updateCache.stdout
-    assert 'error' not in updateCache.stdout.lower()
-
-
-def test_update_package_cache_failure_no_errors(Pihole):
-    '''
-    confirms package cache was not updated
-    '''
-    mock_command('apt-get', {'update': ('', '1')}, Pihole)
-    updateCache = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    distro_check
-    update_package_cache
-    ''')
-    expected_stdout = cross_box + ' Update local cache of available packages'
-    assert expected_stdout in updateCache.stdout
-    assert 'Error: Unable to update package cache.' in updateCache.stdout
-
-
-def test_FTL_detect_aarch64_no_errors(Pihole):
-    '''
-    confirms only aarch64 package is downloaded for FTL engine
-    '''
-    # mock uname to return aarch64 platform
-    mock_command('uname', {'-m': ('aarch64', '0')}, Pihole)
-    # mock ldd to respond with aarch64 shared library
-    mock_command(
-        'ldd',
-        {
-            '/bin/ls': (
-                '/lib/ld-linux-aarch64.so.1',
-                '0'
-            )
-        },
-        Pihole
-    )
-    detectPlatform = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    create_pihole_user
-    funcOutput=$(get_binary_name)
-    binary="pihole-FTL${funcOutput##*pihole-FTL}"
-    theRest="${funcOutput%pihole-FTL*}"
-    FTLdetect "${binary}" "${theRest}"
-    ''')
-    expected_stdout = info_box + ' FTL Checks...'
-    assert expected_stdout in detectPlatform.stdout
-    expected_stdout = tick_box + ' Detected AArch64 (64 Bit ARM) processor'
-    assert expected_stdout in detectPlatform.stdout
-    expected_stdout = tick_box + ' Downloading and Installing FTL'
-    assert expected_stdout in detectPlatform.stdout
-
-
-def test_FTL_detect_armv4t_no_errors(Pihole):
-    '''
-    confirms only armv4t package is downloaded for FTL engine
-    '''
-    # mock uname to return armv4t platform
-    mock_command('uname', {'-m': ('armv4t', '0')}, Pihole)
-    # mock ldd to respond with ld-linux shared library
-    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux.so.3', '0')}, Pihole)
-    detectPlatform = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    create_pihole_user
-    funcOutput=$(get_binary_name)
-    binary="pihole-FTL${funcOutput##*pihole-FTL}"
-    theRest="${funcOutput%pihole-FTL*}"
-    FTLdetect "${binary}" "${theRest}"
-    ''')
-    expected_stdout = info_box + ' FTL Checks...'
-    assert expected_stdout in detectPlatform.stdout
-    expected_stdout = tick_box + (' Detected ARMv4 processor')
-    assert expected_stdout in detectPlatform.stdout
-    expected_stdout = tick_box + ' Downloading and Installing FTL'
-    assert expected_stdout in detectPlatform.stdout
-
-
-def test_FTL_detect_armv5te_no_errors(Pihole):
-    '''
-    confirms only armv5te package is downloaded for FTL engine
-    '''
-    # mock uname to return armv5te platform
-    mock_command('uname', {'-m': ('armv5te', '0')}, Pihole)
-    # mock ldd to respond with ld-linux shared library
-    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux.so.3', '0')}, Pihole)
-    detectPlatform = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    create_pihole_user
-    funcOutput=$(get_binary_name)
-    binary="pihole-FTL${funcOutput##*pihole-FTL}"
-    theRest="${funcOutput%pihole-FTL*}"
-    FTLdetect "${binary}" "${theRest}"
-    ''')
-    expected_stdout = info_box + ' FTL Checks...'
-    assert expected_stdout in detectPlatform.stdout
-    expected_stdout = tick_box + (' Detected ARMv5 (or newer) processor')
-    assert expected_stdout in detectPlatform.stdout
-    expected_stdout = tick_box + ' Downloading and Installing FTL'
-    assert expected_stdout in detectPlatform.stdout
-
-
-def test_FTL_detect_armv6l_no_errors(Pihole):
-    '''
-    confirms only armv6l package is downloaded for FTL engine
-    '''
-    # mock uname to return armv6l platform
-    mock_command('uname', {'-m': ('armv6l', '0')}, Pihole)
-    # mock ldd to respond with ld-linux-armhf shared library
-    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, Pihole)
-    detectPlatform = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    create_pihole_user
-    funcOutput=$(get_binary_name)
-    binary="pihole-FTL${funcOutput##*pihole-FTL}"
-    theRest="${funcOutput%pihole-FTL*}"
-    FTLdetect "${binary}" "${theRest}"
-    ''')
-    expected_stdout = info_box + ' FTL Checks...'
-    assert expected_stdout in detectPlatform.stdout
-    expected_stdout = tick_box + (' Detected ARMv6 processor '
-                                  '(with hard-float support)')
-    assert expected_stdout in detectPlatform.stdout
-    expected_stdout = tick_box + ' Downloading and Installing FTL'
-    assert expected_stdout in detectPlatform.stdout
-
-
-def test_FTL_detect_armv7l_no_errors(Pihole):
-    '''
-    confirms only armv7l package is downloaded for FTL engine
-    '''
-    # mock uname to return armv7l platform
-    mock_command('uname', {'-m': ('armv7l', '0')}, Pihole)
-    # mock ldd to respond with ld-linux-armhf shared library
-    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, Pihole)
-    detectPlatform = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    create_pihole_user
-    funcOutput=$(get_binary_name)
-    binary="pihole-FTL${funcOutput##*pihole-FTL}"
-    theRest="${funcOutput%pihole-FTL*}"
-    FTLdetect "${binary}" "${theRest}"
-    ''')
-    expected_stdout = info_box + ' FTL Checks...'
-    assert expected_stdout in detectPlatform.stdout
-    expected_stdout = tick_box + (' Detected ARMv7 processor '
-                                  '(with hard-float support)')
-    assert expected_stdout in detectPlatform.stdout
-    expected_stdout = tick_box + ' Downloading and Installing FTL'
-    assert expected_stdout in detectPlatform.stdout
-
-
-def test_FTL_detect_armv8a_no_errors(Pihole):
-    '''
-    confirms only armv8a package is downloaded for FTL engine
-    '''
-    # mock uname to return armv8a platform
-    mock_command('uname', {'-m': ('armv8a', '0')}, Pihole)
-    # mock ldd to respond with ld-linux-armhf shared library
-    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, Pihole)
-    detectPlatform = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    create_pihole_user
-    funcOutput=$(get_binary_name)
-    binary="pihole-FTL${funcOutput##*pihole-FTL}"
-    theRest="${funcOutput%pihole-FTL*}"
-    FTLdetect "${binary}" "${theRest}"
-    ''')
-    expected_stdout = info_box + ' FTL Checks...'
-    assert expected_stdout in detectPlatform.stdout
-    expected_stdout = tick_box + ' Detected ARMv8 (or newer) processor'
-    assert expected_stdout in detectPlatform.stdout
-    expected_stdout = tick_box + ' Downloading and Installing FTL'
-    assert expected_stdout in detectPlatform.stdout
-
-
-def test_FTL_detect_x86_64_no_errors(Pihole):
-    '''
-    confirms only x86_64 package is downloaded for FTL engine
-    '''
-    detectPlatform = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    create_pihole_user
-    funcOutput=$(get_binary_name)
-    binary="pihole-FTL${funcOutput##*pihole-FTL}"
-    theRest="${funcOutput%pihole-FTL*}"
-    FTLdetect "${binary}" "${theRest}"
-    ''')
-    expected_stdout = info_box + ' FTL Checks...'
-    assert expected_stdout in detectPlatform.stdout
-    expected_stdout = tick_box + ' Detected x86_64 processor'
-    assert expected_stdout in detectPlatform.stdout
-    expected_stdout = tick_box + ' Downloading and Installing FTL'
-    assert expected_stdout in detectPlatform.stdout
-
-
-def test_FTL_detect_unknown_no_errors(Pihole):
-    ''' confirms only generic package is downloaded for FTL engine '''
-    # mock uname to return generic platform
-    mock_command('uname', {'-m': ('mips', '0')}, Pihole)
-    detectPlatform = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    create_pihole_user
-    funcOutput=$(get_binary_name)
-    binary="pihole-FTL${funcOutput##*pihole-FTL}"
-    theRest="${funcOutput%pihole-FTL*}"
-    FTLdetect "${binary}" "${theRest}"
-    ''')
-    expected_stdout = 'Not able to detect processor (unknown: mips)'
-    assert expected_stdout in detectPlatform.stdout
-
-
-def test_FTL_download_aarch64_no_errors(Pihole):
-    '''
-    confirms only aarch64 package is downloaded for FTL engine
-    '''
-    # mock whiptail answers and ensure installer dependencies
-    mock_command('whiptail', {'*': ('', '0')}, Pihole)
-    Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    distro_check
-    install_dependent_packages ${INSTALLER_DEPS[@]}
-    ''')
-    download_binary = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    create_pihole_user
-    FTLinstall "pihole-FTL-aarch64-linux-gnu"
-    ''')
-    expected_stdout = tick_box + ' Downloading and Installing FTL'
-    assert expected_stdout in download_binary.stdout
-    assert 'error' not in download_binary.stdout.lower()
-
-
-def test_FTL_binary_installed_and_responsive_no_errors(Pihole):
-    '''
-    confirms FTL binary is copied and functional in installed location
-    '''
-    installed_binary = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    create_pihole_user
-    funcOutput=$(get_binary_name)
-    binary="pihole-FTL${funcOutput##*pihole-FTL}"
-    theRest="${funcOutput%pihole-FTL*}"
-    FTLdetect "${binary}" "${theRest}"
-    pihole-FTL version
-    ''')
-    expected_stdout = 'v'
-    assert expected_stdout in installed_binary.stdout
-
-
-# def test_FTL_support_files_installed(Pihole):
-#     '''
-#     confirms FTL support files are installed
-#     '''
-#     support_files = Pihole.run('''
-#     source /opt/pihole/basic-install.sh
-#     FTLdetect
-#     stat -c '%a %n' /var/log/pihole-FTL.log
-#     stat -c '%a %n' /run/pihole-FTL.port
-#     stat -c '%a %n' /run/pihole-FTL.pid
-#     ls -lac /run
-#     ''')
-#     assert '644 /run/pihole-FTL.port' in support_files.stdout
-#     assert '644 /run/pihole-FTL.pid' in support_files.stdout
-#     assert '644 /var/log/pihole-FTL.log' in support_files.stdout
-
-
-def test_IPv6_only_link_local(Pihole):
-    '''
-    confirms IPv6 blocking is disabled for Link-local address
-    '''
-    # mock ip -6 address to return Link-local address
-    mock_command_2(
-        'ip',
-        {
-            '-6 address': (
-                'inet6 fe80::d210:52fa:fe00:7ad7/64 scope link',
-                '0'
-            )
-        },
-        Pihole
-    )
-    detectPlatform = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    useIPv6dialog
-    ''')
-    expected_stdout = ('Unable to find IPv6 ULA/GUA address, '
-                       'IPv6 adblocking will not be enabled')
-    assert expected_stdout in detectPlatform.stdout
-
-
-def test_IPv6_only_ULA(Pihole):
-    '''
-    confirms IPv6 blocking is enabled for ULA addresses
-    '''
-    # mock ip -6 address to return ULA address
-    mock_command_2(
-        'ip',
-        {
-            '-6 address': (
-                'inet6 fda2:2001:5555:0:d210:52fa:fe00:7ad7/64 scope global',
-                '0'
-            )
-        },
-        Pihole
-    )
-    detectPlatform = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    useIPv6dialog
-    ''')
-    expected_stdout = 'Found IPv6 ULA address, using it for blocking IPv6 ads'
-    assert expected_stdout in detectPlatform.stdout
-
-
-def test_IPv6_only_GUA(Pihole):
-    '''
-    confirms IPv6 blocking is enabled for GUA addresses
-    '''
-    # mock ip -6 address to return GUA address
-    mock_command_2(
-        'ip',
-        {
-            '-6 address': (
-                'inet6 2003:12:1e43:301:d210:52fa:fe00:7ad7/64 scope global',
-                '0'
-            )
-        },
-        Pihole
-    )
-    detectPlatform = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    useIPv6dialog
-    ''')
-    expected_stdout = 'Found IPv6 GUA address, using it for blocking IPv6 ads'
-    assert expected_stdout in detectPlatform.stdout
-
-
-def test_IPv6_GUA_ULA_test(Pihole):
-    '''
-    confirms IPv6 blocking is enabled for GUA and ULA addresses
-    '''
-    # mock ip -6 address to return GUA and ULA addresses
-    mock_command_2(
-        'ip',
-        {
-            '-6 address': (
-                'inet6 2003:12:1e43:301:d210:52fa:fe00:7ad7/64 scope global\n'
-                'inet6 fda2:2001:5555:0:d210:52fa:fe00:7ad7/64 scope global',
-                '0'
-            )
-        },
-        Pihole
-    )
-    detectPlatform = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    useIPv6dialog
-    ''')
-    expected_stdout = 'Found IPv6 ULA address, using it for blocking IPv6 ads'
-    assert expected_stdout in detectPlatform.stdout
-
-
-def test_IPv6_ULA_GUA_test(Pihole):
-    '''
-    confirms IPv6 blocking is enabled for GUA and ULA addresses
-    '''
-    # mock ip -6 address to return ULA and GUA addresses
-    mock_command_2(
-        'ip',
-        {
-            '-6 address': (
-                'inet6 fda2:2001:5555:0:d210:52fa:fe00:7ad7/64 scope global\n'
-                'inet6 2003:12:1e43:301:d210:52fa:fe00:7ad7/64 scope global',
-                '0'
-            )
-        },
-        Pihole
-    )
-    detectPlatform = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    useIPv6dialog
-    ''')
-    expected_stdout = 'Found IPv6 ULA address, using it for blocking IPv6 ads'
-    assert expected_stdout in detectPlatform.stdout
-
-
-def test_validate_ip(Pihole):
-    '''
-    Tests valid_ip for various IP addresses
-    '''
-
-    def test_address(addr, success=True):
-        output = Pihole.run('''
-        source /opt/pihole/basic-install.sh
-        valid_ip "{addr}"
-        '''.format(addr=addr))
-
-        assert output.rc == 0 if success else 1
-
-    test_address('192.168.1.1')
-    test_address('127.0.0.1')
-    test_address('255.255.255.255')
-    test_address('255.255.255.256', False)
-    test_address('255.255.256.255', False)
-    test_address('255.256.255.255', False)
-    test_address('256.255.255.255', False)
-    test_address('1092.168.1.1', False)
-    test_address('not an IP', False)
-    test_address('8.8.8.8:', False)
-    test_address('8.8.8.8:0')
-    test_address('8.8.8.8:1')
-    test_address('8.8.8.8:42')
-    test_address('8.8.8.8:888')
-    test_address('8.8.8.8:1337')
-    test_address('8.8.8.8:65535')
-    test_address('8.8.8.8:65536', False)
-    test_address('8.8.8.8:-1', False)
-    test_address('00.0.0.0', False)
-    test_address('010.0.0.0', False)
-    test_address('001.0.0.0', False)
-    test_address('0.0.0.0:00', False)
-    test_address('0.0.0.0:01', False)
-    test_address('0.0.0.0:001', False)
-    test_address('0.0.0.0:0001', False)
-    test_address('0.0.0.0:00001', False)
-
-
-def test_os_check_fails(Pihole):
-    ''' Confirms install fails on unsupported OS '''
-    Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    distro_check
-    install_dependent_packages ${INSTALLER_DEPS[@]}
-    cat <<EOT > /etc/os-release
-    ID=UnsupportedOS
-    VERSION_ID="2"
-    EOT
-    ''')
-    detectOS = Pihole.run('''t
-    source /opt/pihole/basic-install.sh
-    os_check
-    ''')
-    expected_stdout = 'Unsupported OS detected: UnsupportedOS'
-    assert expected_stdout in detectOS.stdout
-
-
-def test_os_check_passes(Pihole):
-    ''' Confirms OS meets the requirements '''
-    Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    distro_check
-    install_dependent_packages ${INSTALLER_DEPS[@]}
-    ''')
-    detectOS = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    os_check
-    ''')
-    expected_stdout = 'Supported OS detected'
-    assert expected_stdout in detectOS.stdout

test/test_centos_7_support.py

@@ -1,60 +0,0 @@
-from .conftest import (
-    tick_box,
-    info_box,
-    mock_command,
-)
-
-
-def test_php_upgrade_default_optout_centos_eq_7(Pihole):
-    '''
-    confirms the default behavior to opt-out of installing PHP7 from REMI
-    '''
-    distro_check = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    distro_check
-    ''')
-    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
-                                  'Deprecated PHP may be in use.')
-    assert expected_stdout in distro_check.stdout
-    remi_package = Pihole.package('remi-release')
-    assert not remi_package.is_installed
-
-
-def test_php_upgrade_user_optout_centos_eq_7(Pihole):
-    '''
-    confirms installer behavior when user opt-out of installing PHP7 from REMI
-    (php not currently installed)
-    '''
-    # Whiptail dialog returns Cancel for user prompt
-    mock_command('whiptail', {'*': ('', '1')}, Pihole)
-    distro_check = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    distro_check
-    ''')
-    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
-                                  'Deprecated PHP may be in use.')
-    assert expected_stdout in distro_check.stdout
-    remi_package = Pihole.package('remi-release')
-    assert not remi_package.is_installed
-
-
-def test_php_upgrade_user_optin_centos_eq_7(Pihole):
-    '''
-    confirms installer behavior when user opt-in to installing PHP7 from REMI
-    (php not currently installed)
-    '''
-    # Whiptail dialog returns Continue for user prompt
-    mock_command('whiptail', {'*': ('', '0')}, Pihole)
-    distro_check = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    distro_check
-    ''')
-    assert 'opt-out' not in distro_check.stdout
-    expected_stdout = info_box + (' Enabling Remi\'s RPM repository '
-                                  '(https://rpms.remirepo.net)')
-    assert expected_stdout in distro_check.stdout
-    expected_stdout = tick_box + (' Remi\'s RPM repository has '
-                                  'been enabled for PHP7')
-    assert expected_stdout in distro_check.stdout
-    remi_package = Pihole.package('remi-release')
-    assert remi_package.is_installed

test/test_centos_8_support.py

@@ -1,65 +0,0 @@
-from .conftest import (
-    tick_box,
-    info_box,
-    mock_command,
-)
-
-
-def test_php_upgrade_default_continue_centos_gte_8(Pihole):
-    '''
-    confirms the latest version of CentOS continues / does not optout
-    (should trigger on CentOS7 only)
-    '''
-    distro_check = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    distro_check
-    ''')
-    unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.'
-                                    ' Deprecated PHP may be in use.')
-    assert unexpected_stdout not in distro_check.stdout
-    # ensure remi was not installed on latest CentOS
-    remi_package = Pihole.package('remi-release')
-    assert not remi_package.is_installed
-
-
-def test_php_upgrade_user_optout_skipped_centos_gte_8(Pihole):
-    '''
-    confirms installer skips user opt-out of installing PHP7 from REMI on
-    latest CentOS (should trigger on CentOS7 only)
-    (php not currently installed)
-    '''
-    # Whiptail dialog returns Cancel for user prompt
-    mock_command('whiptail', {'*': ('', '1')}, Pihole)
-    distro_check = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    distro_check
-    ''')
-    unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.'
-                                    ' Deprecated PHP may be in use.')
-    assert unexpected_stdout not in distro_check.stdout
-    # ensure remi was not installed on latest CentOS
-    remi_package = Pihole.package('remi-release')
-    assert not remi_package.is_installed
-
-
-def test_php_upgrade_user_optin_skipped_centos_gte_8(Pihole):
-    '''
-    confirms installer skips user opt-in to installing PHP7 from REMI on
-    latest CentOS (should trigger on CentOS7 only)
-    (php not currently installed)
-    '''
-    # Whiptail dialog returns Continue for user prompt
-    mock_command('whiptail', {'*': ('', '0')}, Pihole)
-    distro_check = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    distro_check
-    ''')
-    assert 'opt-out' not in distro_check.stdout
-    unexpected_stdout = info_box + (' Enabling Remi\'s RPM repository '
-                                    '(https://rpms.remirepo.net)')
-    assert unexpected_stdout not in distro_check.stdout
-    unexpected_stdout = tick_box + (' Remi\'s RPM repository has '
-                                    'been enabled for PHP7')
-    assert unexpected_stdout not in distro_check.stdout
-    remi_package = Pihole.package('remi-release')
-    assert not remi_package.is_installed

test/test_centos_common_support.py

@@ -7,114 +7,21 @@ from .conftest import (
 )
 
 
-def test_release_supported_version_check_centos(Pihole):
-    '''
-    confirms installer exits on unsupported releases of CentOS
-    '''
-    # modify /etc/redhat-release to mock an unsupported CentOS release
-    Pihole.run('echo "CentOS Linux release 6.9" > /etc/redhat-release')
-    distro_check = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    distro_check
-    ''')
-    expected_stdout = cross_box + (' CentOS 6 is not supported.')
-    assert expected_stdout in distro_check.stdout
-    expected_stdout = 'Please update to CentOS release 7 or later'
-    assert expected_stdout in distro_check.stdout
-
-
-def test_enable_epel_repository_centos(Pihole):
-    '''
+def test_enable_epel_repository_centos(host):
+    """
     confirms the EPEL package repository is enabled when installed on CentOS
-    '''
-    distro_check = Pihole.run('''
+    """
+    package_manager_detect = host.run(
+        """
     source /opt/pihole/basic-install.sh
-    distro_check
-    ''')
-    expected_stdout = info_box + (' Enabling EPEL package repository '
-                                  '(https://fedoraproject.org/wiki/EPEL)')
-    assert expected_stdout in distro_check.stdout
-    expected_stdout = tick_box + ' Installed epel-release'
-    assert expected_stdout in distro_check.stdout
-    epel_package = Pihole.package('epel-release')
+    package_manager_detect
+    """
+    )
+    expected_stdout = info_box + (
+        " Enabling EPEL package repository " "(https://fedoraproject.org/wiki/EPEL)"
+    )
+    assert expected_stdout in package_manager_detect.stdout
+    expected_stdout = tick_box + " Installed"
+    assert expected_stdout in package_manager_detect.stdout
+    epel_package = host.package("epel-release")
     assert epel_package.is_installed
-
-
-def test_php_version_lt_7_detected_upgrade_default_optout_centos(Pihole):
-    '''
-    confirms the default behavior to opt-out of upgrading to PHP7 from REMI
-    '''
-    # first we will install the default php version to test installer behavior
-    php_install = Pihole.run('yum install -y php')
-    assert php_install.rc == 0
-    php_package = Pihole.package('php')
-    default_centos_php_version = php_package.version.split('.')[0]
-    if int(default_centos_php_version) >= 7:  # PHP7 is supported/recommended
-        pytest.skip("Test deprecated . Detected default PHP version >= 7")
-    distro_check = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    distro_check
-    ''')
-    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
-                                  'Deprecated PHP may be in use.')
-    assert expected_stdout in distro_check.stdout
-    remi_package = Pihole.package('remi-release')
-    assert not remi_package.is_installed
-
-
-def test_php_version_lt_7_detected_upgrade_user_optout_centos(Pihole):
-    '''
-    confirms installer behavior when user opt-out to upgrade to PHP7 via REMI
-    '''
-    # first we will install the default php version to test installer behavior
-    php_install = Pihole.run('yum install -y php')
-    assert php_install.rc == 0
-    php_package = Pihole.package('php')
-    default_centos_php_version = php_package.version.split('.')[0]
-    if int(default_centos_php_version) >= 7:  # PHP7 is supported/recommended
-        pytest.skip("Test deprecated . Detected default PHP version >= 7")
-    # Whiptail dialog returns Cancel for user prompt
-    mock_command('whiptail', {'*': ('', '1')}, Pihole)
-    distro_check = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    distro_check
-    ''')
-    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
-                                  'Deprecated PHP may be in use.')
-    assert expected_stdout in distro_check.stdout
-    remi_package = Pihole.package('remi-release')
-    assert not remi_package.is_installed
-
-
-def test_php_version_lt_7_detected_upgrade_user_optin_centos(Pihole):
-    '''
-    confirms installer behavior when user opt-in to upgrade to PHP7 via REMI
-    '''
-    # first we will install the default php version to test installer behavior
-    php_install = Pihole.run('yum install -y php')
-    assert php_install.rc == 0
-    php_package = Pihole.package('php')
-    default_centos_php_version = php_package.version.split('.')[0]
-    if int(default_centos_php_version) >= 7:  # PHP7 is supported/recommended
-        pytest.skip("Test deprecated . Detected default PHP version >= 7")
-    # Whiptail dialog returns Continue for user prompt
-    mock_command('whiptail', {'*': ('', '0')}, Pihole)
-    distro_check = Pihole.run('''
-    source /opt/pihole/basic-install.sh
-    distro_check
-    install_dependent_packages PIHOLE_WEB_DEPS[@]
-    ''')
-    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
-                                  'Deprecated PHP may be in use.')
-    assert expected_stdout not in distro_check.stdout
-    expected_stdout = info_box + (' Enabling Remi\'s RPM repository '
-                                  '(https://rpms.remirepo.net)')
-    assert expected_stdout in distro_check.stdout
-    expected_stdout = tick_box + (' Remi\'s RPM repository has '
-                                  'been enabled for PHP7')
-    assert expected_stdout in distro_check.stdout
-    remi_package = Pihole.package('remi-release')
-    assert remi_package.is_installed
-    updated_php_package = Pihole.package('php')
-    updated_php_version = updated_php_package.version.split('.')[0]
-    assert int(updated_php_version) == 7

test/test_centos_fedora_common_support.py

@@ -5,61 +5,71 @@ from .conftest import (
 )
 
 
-def mock_selinux_config(state, Pihole):
-    '''
+def mock_selinux_config(state, host):
+    """
     Creates a mock SELinux config file with expected content
-    '''
+    """
     # validate state string
-    valid_states = ['enforcing', 'permissive', 'disabled']
+    valid_states = ["enforcing", "permissive", "disabled"]
     assert state in valid_states
     # getenforce returns the running state of SELinux
-    mock_command('getenforce', {'*': (state.capitalize(), '0')}, Pihole)
+    mock_command("getenforce", {"*": (state.capitalize(), "0")}, host)
     # create mock configuration with desired content
-    Pihole.run('''
+    host.run(
+        """
     mkdir /etc/selinux
     echo "SELINUX={state}" > /etc/selinux/config
-    '''.format(state=state.lower()))
+    """.format(
+            state=state.lower()
+        )
+    )
 
 
-def test_selinux_enforcing_exit(Pihole):
-    '''
+def test_selinux_enforcing_exit(host):
+    """
     confirms installer prompts to exit when SELinux is Enforcing by default
-    '''
-    mock_selinux_config("enforcing", Pihole)
-    check_selinux = Pihole.run('''
+    """
+    mock_selinux_config("enforcing", host)
+    check_selinux = host.run(
+        """
     source /opt/pihole/basic-install.sh
     checkSelinux
-    ''')
-    expected_stdout = cross_box + ' Current SELinux: Enforcing'
+    """
+    )
+    expected_stdout = cross_box + " Current SELinux: enforcing"
     assert expected_stdout in check_selinux.stdout
-    expected_stdout = 'SELinux Enforcing detected, exiting installer'
+    expected_stdout = "SELinux Enforcing detected, exiting installer"
     assert expected_stdout in check_selinux.stdout
     assert check_selinux.rc == 1
 
 
-def test_selinux_permissive(Pihole):
-    '''
+def test_selinux_permissive(host):
+    """
     confirms installer continues when SELinux is Permissive
-    '''
-    mock_selinux_config("permissive", Pihole)
-    check_selinux = Pihole.run('''
+    """
+    mock_selinux_config("permissive", host)
+    check_selinux = host.run(
+        """
     source /opt/pihole/basic-install.sh
     checkSelinux
-    ''')
-    expected_stdout = tick_box + ' Current SELinux: Permissive'
+    """
+    )
+    expected_stdout = tick_box + " Current SELinux: permissive"
     assert expected_stdout in check_selinux.stdout
     assert check_selinux.rc == 0
 
 
-def test_selinux_disabled(Pihole):
-    '''
+def test_selinux_disabled(host):
+    """
     confirms installer continues when SELinux is Disabled
-    '''
-    mock_selinux_config("disabled", Pihole)
-    check_selinux = Pihole.run('''
+    """
+    mock_selinux_config("disabled", host)
+    check_selinux = host.run(
+        """
     source /opt/pihole/basic-install.sh
     checkSelinux
-    ''')
-    expected_stdout = tick_box + ' Current SELinux: Disabled'
+    """
+    )
+    expected_stdout = tick_box + " Current SELinux: disabled"
     assert expected_stdout in check_selinux.stdout
     assert check_selinux.rc == 0

test/test_fedora_support.py

@@ -1,15 +1,15 @@
-def test_epel_and_remi_not_installed_fedora(Pihole):
-    '''
+def test_epel_and_remi_not_installed_fedora(host):
+    """
     confirms installer does not attempt to install EPEL/REMI repositories
     on Fedora
-    '''
-    distro_check = Pihole.run('''
+    """
+    package_manager_detect = host.run(
+        """
     source /opt/pihole/basic-install.sh
-    distro_check
-    ''')
-    assert distro_check.stdout == ''
+    package_manager_detect
+    """
+    )
+    assert package_manager_detect.stdout == ""
 
-    epel_package = Pihole.package('epel-release')
+    epel_package = host.package("epel-release")
     assert not epel_package.is_installed
-    remi_package = Pihole.package('remi-release')
-    assert not remi_package.is_installed

test/tox.centos_7.ini

@@ -1,8 +0,0 @@
-[tox]
-envlist = py37
-
-[testenv]
-whitelist_externals = docker
-deps = -rrequirements.txt
-commands = docker build -f _centos_7.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_automated_install.py ./test_centos_fedora_common_support.py ./test_centos_common_support.py ./test_centos_7_support.py

test/tox.centos_8.ini

@@ -1,8 +1,8 @@
 [tox]
-envlist = py37
+envlist = py3
 
-[testenv]
-whitelist_externals = docker
+[testenv:py3]
+allowlist_externals = docker
 deps = -rrequirements.txt
-commands = docker build -f _centos_8.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_automated_install.py ./test_centos_fedora_common_support.py ./test_centos_common_support.py ./test_centos_8_support.py
+commands =  docker buildx build --load --progress plain -f _centos_8.Dockerfile -t pytest_pihole:test_container ../
+            pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_centos_common_support.py

test/tox.centos_9.ini

@@ -0,0 +1,8 @@
+[tox]
+envlist = py3
+
+[testenv:py3]
+allowlist_externals = docker
+deps = -rrequirements.txt
+commands = docker buildx build --load --progress plain -f _centos_9.Dockerfile -t pytest_pihole:test_container ../
+           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_centos_common_support.py

test/tox.debian_10.ini

@@ -1,8 +1,8 @@
 [tox]
-envlist = py37
+envlist = py3
 
-[testenv]
-whitelist_externals = docker
+[testenv:py3]
+allowlist_externals = docker
 deps = -rrequirements.txt
-commands = docker build -f _debian_10.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_automated_install.py
+commands = docker buildx build --load --progress plain -f _debian_10.Dockerfile -t pytest_pihole:test_container ../
+           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py

test/tox.debian_11.ini

@@ -0,0 +1,8 @@
+[tox]
+envlist = py3
+
+[testenv:py3]
+allowlist_externals = docker
+deps = -rrequirements.txt
+commands = docker buildx build --load --progress plain -f _debian_11.Dockerfile -t pytest_pihole:test_container ../
+           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py

test/tox.debian_9.ini

@@ -1,8 +0,0 @@
-[tox]
-envlist = py37
-
-[testenv]
-whitelist_externals = docker
-deps = -rrequirements.txt
-commands = docker build -f _debian_9.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_automated_install.py