Use netstat instead of lsof for pihole status checks

Signed-off-by: DL6ER <dl6er@dl6er.de>

.github/workflows/stale.yml

@@ -0,0 +1,24 @@
+name: Mark stale issues
+
+on:
+  schedule:
+  - cron: '30 * * * *'
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+
+    steps:
+    - uses: actions/stale@v4
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        debug-only: true
+        days-before-stale: 30
+        days-before-close: 5
+        stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.'
+        stale-issue-label: 'Submitter Attention Required'
+        exempt-issue-labels: 'pinned, Fixed in next release, Bug: Confirmed'
+        exempt-all-issue-assignees: true

CONTRIBUTING.md

@@ -2,111 +2,6 @@
 
 Please read and understand the contribution guide before creating an issue or pull request.
 
-## Etiquette
+The guide can be found here: [https://docs.pi-hole.net/guides/github/contributing/](https://docs.pi-hole.net/guides/github/contributing/)
 
-- Our goal for Pi-hole is **stability before features**. This means we focus on squashing critical bugs before adding new features. Often, we can do both in tandem, but bugs will take priority over a new feature.
-- Pi-hole is open source and [powered by donations](https://pi-hole.net/donate/), and as such, we give our **free time** to build, maintain, and **provide user support** for this project. It would be extremely unfair for us to suffer abuse or anger for our hard work, so please take a moment to consider that.
-- Please be considerate towards the developers and other users when raising issues or presenting pull requests.
-- Respect our decision(s), and do not be upset or abusive if your submission is not used.
 
-## Viability
-
-When requesting or submitting new features, first consider whether it might be useful to others. Open source projects are used by many people, who may have entirely different needs to your own. Think about whether or not your feature is likely to be used by other users of the project.
-
-## Procedure
-
-**Before filing an issue:**
-
-- Attempt to replicate and **document** the problem, to ensure that it wasn't a coincidental incident.
-- Check to make sure your feature suggestion isn't already present within the project.
-- Check the pull requests tab to ensure that the bug doesn't have a fix in progress.
-- Check the pull requests tab to ensure that the feature isn't already in progress.
-
-**Before submitting a pull request:**
-
-- Check the codebase to ensure that your feature doesn't already exist.
-- Check the pull requests to ensure that another person hasn't already submitted the feature or fix.
-- Read and understand the [DCO guidelines](https://docs.pi-hole.net/guides/github/contributing/) for the project.
-
-## Technical Requirements
-
-- Submit Pull Requests to the **development branch only**.
-- Before Submitting your Pull Request, merge `development` with your new branch and fix any conflicts. (Make sure you don't break anything in development!)
-- Please use the [Google Style Guide for Shell](https://google.github.io/styleguide/shell.xml) for your code submission styles.
-- Commit Unix line endings.
-- Please use the Pi-hole brand: **Pi-hole** (Take a special look at the capitalized 'P' and a low 'h' with a hyphen)
-- (Optional fun) keep to the theme of Star Trek/black holes/gravity.
-
-## Forking and Cloning from GitHub to GitHub
-
-1. Fork <https://github.com/pi-hole/pi-hole/> to a repo under a namespace you control, or have permission to use, for example: `https://github.com/<your_namespace>/<your_repo_name>/`. You can do this from the github.com website.
-2. Clone `https://github.com/<your_namespace>/<your_repo_name>/` with the tool of you choice.
-3. To keep your fork in sync with our repo, add an upstream remote for pi-hole/pi-hole to your repo.
-
-    ```bash
-    git remote add upstream https://github.com/pi-hole/pi-hole.git
-    ```
-
-4. Checkout the `development` branch from your fork `https://github.com/<your_namespace>/<your_repo_name>/`.
-5. Create a topic/branch, based on the `development` branch code. *Bonus fun to keep to the theme of Star Trek/black holes/gravity.*
-6. Make your changes and commit to your topic branch in your repo.
-7. Rebase your commits and squash any insignificant commits. See the notes below for an example.
-8. Merge `development` your branch and fix any conflicts.
-9. Open a Pull Request to merge your topic branch into our repo's `development` branch.
-
-- Keep in mind the technical requirements from above.
-
-## Forking and Cloning from GitHub to other code hosting sites
-
-- Forking is a GitHub concept and cannot be done from GitHub to other git-based code hosting sites. However, those sites may be able to mirror a GitHub repo.
-
-1. To contribute from another code hosting site, you must first complete the steps above to fork our repo to a GitHub namespace you have permission to use, for example: `https://github.com/<your_namespace>/<your_repo_name>/`.
-2. Create a repo in your code hosting site, for example: `https://gitlab.com/<your_namespace>/<your_repo_name>/`
-3. Follow the instructions from your code hosting site to create a mirror between `https://github.com/<your_namespace>/<your_repo_name>/` and `https://gitlab.com/<your_namespace>/<your_repo_name>/`.
-4. When you are ready to create a Pull Request (PR), follow the steps `(starting at step #6)` from [Forking and Cloning from GitHub to GitHub](#forking-and-cloning-from-github-to-github) and create the PR from `https://github.com/<your_namespace>/<your_repo_name>/`.
-
-## Notes for squashing commits with rebase
-
-- To rebase your commits and squash previous commits, you can use:
-
-    ```bash
-    git rebase -i your_topic_branch~(number of commits to combine)
-    ```
-
-- For more details visit [gitready.com](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html)
-
-1. The following would combine the last four commits in the branch `mytopic`.
-
-    ```bash
-    git rebase -i mytopic~4
-    ```
-
-2. An editor window opens with the most recent commits indicated: (edit the commands to the left of the commit ID)
-
-    ```gitattributes
-    pick 9dff55b2 existing commit comments
-    squash ebb1a730 existing commit comments
-    squash 07cc5b50 existing commit comments
-    reword 9dff55b2 existing commit comments
-    ```
-
-3. Save and close the editor. The next editor window opens: (edit the new commit message). *If you select reword for a commit, an additional editor window will open for you to edit the comment.*
-
-    ```bash
-    new commit comments
-    Signed-off-by: yourname <your email address>
-    ```
-
-4. Save and close the editor for the rebase process to execute. The terminal output should say something like the following:
-
-    ```bash
-    Successfully rebased and updated refs/heads/mytopic.
-    ```
-
-5. Once you have a successful rebase, and before you sync your local clone, you have to force push origin to update your repo:
-
-    ```bash
-    git push -f origin
-    ```
-
-6. Continue on from step #7 from [Forking and Cloning from GitHub to GitHub](#forking-and-cloning-from-github-to-github)

advanced/Scripts/chronometer.sh

@@ -329,8 +329,8 @@ get_sys_stats() {
                 *) cpu_col="$COL_URG_RED";;
             esac
 
-        # $COL_NC$COL_DARK_GRAY is needed for $COL_URG_RED
-        cpu_temp_str=" @ $cpu_col$cpu_temp$COL_NC$COL_DARK_GRAY"
+            # $COL_NC$COL_DARK_GRAY is needed for $COL_URG_RED
+            cpu_temp_str=" @ $cpu_col$cpu_temp$COL_NC$COL_DARK_GRAY"
 
         elif [[ "$temp_unit" == "F" ]]; then
             cpu_temp=$(printf "%.0ff\\n" "$(calcFunc "($(< $temp_file) / 1000) * 9 / 5 + 32")")
@@ -445,7 +445,7 @@ get_strings() {
     lan_info="Gateway: $net_gateway"
     dhcp_info="$leased_str$ph_dhcp_num of $ph_dhcp_max"
 
-      ads_info="$total_str$ads_blocked_today of $dns_queries_today"
+    ads_info="$total_str$ads_blocked_today of $dns_queries_today"
     dns_info="$dns_count DNS servers"
 
     [[ "$recent_blocked" == "0" ]] && recent_blocked="${COL_LIGHT_RED}FTL offline${COL_NC}"
@@ -488,7 +488,7 @@ chronoFunc() {
             ${COL_LIGHT_RED}Press Ctrl-C to exit${COL_NC}
             ${COL_DARK_GRAY}$scr_line_str${COL_NC}"
         else
-        echo -e "|¯¯¯(¯)_|¯|_  ___|¯|___$phc_ver_str\\n| ¯_/¯|_| ' \\/ _ \\ / -_)$lte_ver_str\\n|_| |_| |_||_\\___/_\\___|$ftl_ver_str\\n ${COL_DARK_GRAY}$scr_line_str${COL_NC}"
+            echo -e "|¯¯¯(¯)_|¯|_  ___|¯|___$phc_ver_str\\n| ¯_/¯|_| ' \\/ _ \\ / -_)$lte_ver_str\\n|_| |_| |_||_\\___/_\\___|$ftl_ver_str\\n ${COL_DARK_GRAY}$scr_line_str${COL_NC}"
         fi
 
         printFunc "  Hostname: " "$sys_name" "$host_info"

advanced/Scripts/database_migration/gravity-db.sh

@@ -123,9 +123,9 @@ upgrade_gravityDB(){
 		version=14
 	fi
 	if [[ "$version" == "14" ]]; then
-	# Changes the vw_adlist created in 5_to_6
-	echo -e "  ${INFO} Upgrading gravity database from version 14 to 15"
-	sqlite3 "${database}" < "${scriptPath}/14_to_15.sql"
-	version=15
-fi
+		# Changes the vw_adlist created in 5_to_6
+		echo -e "  ${INFO} Upgrading gravity database from version 14 to 15"
+		sqlite3 "${database}" < "${scriptPath}/14_to_15.sql"
+		version=15
+	fi
 }

advanced/Scripts/list.sh

@@ -16,7 +16,7 @@ GRAVITYDB="${piholeDir}/gravity.db"
 # Source pihole-FTL from install script
 pihole_FTL="${piholeDir}/pihole-FTL.conf"
 if [[ -f "${pihole_FTL}" ]]; then
-  source "${pihole_FTL}"
+    source "${pihole_FTL}"
 fi
 
 # Set this only after sourcing pihole-FTL.conf as the gravity database path may
@@ -91,7 +91,8 @@ Options:
   -q, --quiet         Make output less verbose
   -h, --help          Show this help dialog
   -l, --list          Display all your ${listname}listed domains
-  --nuke              Removes all entries in a list"
+  --nuke              Removes all entries in a list
+  --comment \"text\"    Add a comment to the domain. If adding multiple domains the same comment will be used for all"
 
   exit 0
 }
@@ -133,7 +134,7 @@ ProcessDomainList() {
         else
             RemoveDomain "${dom}"
         fi
-  done
+    done
 }
 
 AddDomain() {
@@ -145,19 +146,19 @@ AddDomain() {
     requestedListname="$(GetListnameFromTypeId "${typeId}")"
 
     if [[ "${num}" -ne 0 ]]; then
-      existingTypeId="$(sqlite3 "${gravityDBfile}" "SELECT type FROM domainlist WHERE domain = '${domain}';")"
-      if [[ "${existingTypeId}" == "${typeId}" ]]; then
-        if [[ "${verbose}" == true ]]; then
-            echo -e "  ${INFO} ${1} already exists in ${requestedListname}, no need to add!"
+        existingTypeId="$(sqlite3 "${gravityDBfile}" "SELECT type FROM domainlist WHERE domain = '${domain}';")"
+        if [[ "${existingTypeId}" == "${typeId}" ]]; then
+            if [[ "${verbose}" == true ]]; then
+                echo -e "  ${INFO} ${1} already exists in ${requestedListname}, no need to add!"
+            fi
+        else
+            existingListname="$(GetListnameFromTypeId "${existingTypeId}")"
+            sqlite3 "${gravityDBfile}" "UPDATE domainlist SET type = ${typeId} WHERE domain='${domain}';"
+            if [[ "${verbose}" == true ]]; then
+                echo -e "  ${INFO} ${1} already exists in ${existingListname}, it has been moved to ${requestedListname}!"
+            fi
         fi
-      else
-        existingListname="$(GetListnameFromTypeId "${existingTypeId}")"
-        sqlite3 "${gravityDBfile}" "UPDATE domainlist SET type = ${typeId} WHERE domain='${domain}';"
-        if [[ "${verbose}" == true ]]; then
-            echo -e "  ${INFO} ${1} already exists in ${existingListname}, it has been moved to ${requestedListname}!"
-        fi
-      fi
-      return
+        return
     fi
 
     # Domain not found in the table, add it!
@@ -185,10 +186,10 @@ RemoveDomain() {
     requestedListname="$(GetListnameFromTypeId "${typeId}")"
 
     if [[ "${num}" -eq 0 ]]; then
-      if [[ "${verbose}" == true ]]; then
-          echo -e "  ${INFO} ${domain} does not exist in ${requestedListname}, no need to remove!"
-      fi
-      return
+        if [[ "${verbose}" == true ]]; then
+            echo -e "  ${INFO} ${domain} does not exist in ${requestedListname}, no need to remove!"
+        fi
+        return
     fi
 
     # Domain found in the table, remove it!
@@ -256,8 +257,8 @@ NukeList() {
 GetComment() {
     comment="$1"
     if [[ "${comment}" =~ [^a-zA-Z0-9_\#:/\.,\ -] ]]; then
-      echo "  ${CROSS} Found invalid characters in domain comment!"
-      exit
+        echo "  ${CROSS} Found invalid characters in domain comment!"
+        exit
     fi
 }
 
@@ -292,7 +293,7 @@ ProcessDomainList
 
 # Used on web interface
 if $web; then
-echo "DONE"
+    echo "DONE"
 fi
 
 if [[ ${reload} == true && ${noReloadRequested} == false ]]; then

advanced/Scripts/piholeDebug.sh

@@ -27,7 +27,7 @@ PIHOLE_COLTABLE_FILE="${PIHOLE_SCRIPTS_DIRECTORY}/COL_TABLE"
 
 # These provide the colors we need for making the log more readable
 if [[ -f ${PIHOLE_COLTABLE_FILE} ]]; then
-  source ${PIHOLE_COLTABLE_FILE}
+    source ${PIHOLE_COLTABLE_FILE}
 else
     COL_NC='\e[0m' # No Color
     COL_RED='\e[1;91m'
@@ -88,6 +88,7 @@ PIHOLE_LOCAL_HOSTS_FILE="${PIHOLE_DIRECTORY}/local.list"
 PIHOLE_LOGROTATE_FILE="${PIHOLE_DIRECTORY}/logrotate"
 PIHOLE_SETUP_VARS_FILE="${PIHOLE_DIRECTORY}/setupVars.conf"
 PIHOLE_FTL_CONF_FILE="${PIHOLE_DIRECTORY}/pihole-FTL.conf"
+PIHOLE_CUSTOM_HOSTS_FILE="${PIHOLE_DIRECTORY}/custom.list"
 
 # Read the value of an FTL config key. The value is printed to stdout.
 #
@@ -179,7 +180,8 @@ REQUIRED_FILES=("${PIHOLE_CRON_FILE}"
 "${PIHOLE_WEB_SERVER_ACCESS_LOG_FILE}"
 "${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}"
 "${RESOLVCONF}"
-"${DNSMASQ_CONF}")
+"${DNSMASQ_CONF}"
+"${PIHOLE_CUSTOM_HOSTS_FILE}")
 
 DISCLAIMER="This process collects information from your Pi-hole, and optionally uploads it to a unique and random directory on tricorder.pi-hole.net.
 
@@ -465,6 +467,9 @@ diagnose_operating_system() {
     # Display the current test that is running
     echo_current_diagnostic "Operating system"
 
+    # If the PIHOLE_DOCKER_TAG variable is set, include this information in the debug output
+    [ -n "${PIHOLE_DOCKER_TAG}" ] && log_write "${INFO} Pi-hole Docker Container: ${PIHOLE_DOCKER_TAG}"
+
     # If there is a /etc/*release file, it's probably a supported operating system, so we can
     if ls /etc/*release 1> /dev/null 2>&1; then
         # display the attributes to the user from the function made earlier
@@ -1384,9 +1389,9 @@ upload_to_tricorder() {
     log_write "${TICK} ${COL_GREEN}** FINISHED DEBUGGING! **${COL_NC}\\n"
 
     # Provide information on what they should do with their token
-    log_write "    * The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only."
+    log_write "   * The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only."
 
-    # If pihole -d is running automatically (usually through the dashboard)
+    # If pihole -d is running automatically
     if [[ "${AUTOMATED}" ]]; then
         # let the user know
         log_write "${INFO} Debug script running in automated mode"
@@ -1394,16 +1399,19 @@ upload_to_tricorder() {
         curl_to_tricorder
         # If we're not running in automated mode,
     else
-        echo ""
-        # give the user a choice of uploading it or not
-        # Users can review the log file locally (or the output of the script since they are the same) and try to self-diagnose their problem
-        read -r -p "[?] Would you like to upload the log? [y/N] " response
-        case ${response} in
-            # If they say yes, run our function for uploading the log
-            [yY][eE][sS]|[yY]) curl_to_tricorder;;
-            # If they choose no, just exit out of the script
-            *) log_write "    * Log will ${COL_GREEN}NOT${COL_NC} be uploaded to tricorder.\\n    * A local copy of the debug log can be found at: ${COL_CYAN}${PIHOLE_DEBUG_LOG}${COL_NC}\\n";exit;
-        esac
+        # if not being called from the web interface
+        if [[ ! "${WEBCALL}" ]]; then
+            echo ""
+            # give the user a choice of uploading it or not
+            # Users can review the log file locally (or the output of the script since they are the same) and try to self-diagnose their problem
+            read -r -p "[?] Would you like to upload the log? [y/N] " response
+            case ${response} in
+                # If they say yes, run our function for uploading the log
+                [yY][eE][sS]|[yY]) curl_to_tricorder;;
+                # If they choose no, just exit out of the script
+                *) log_write "    * Log will ${COL_GREEN}NOT${COL_NC} be uploaded to tricorder.\\n    * A local copy of the debug log can be found at: ${COL_CYAN}${PIHOLE_DEBUG_LOG}${COL_NC}\\n";exit;
+            esac
+        fi
     fi
     # Check if tricorder.pi-hole.net is reachable and provide token
     # along with some additional useful information
@@ -1423,8 +1431,13 @@ upload_to_tricorder() {
     # If no token was generated
     else
         # Show an error and some help instructions
-        log_write "${CROSS}  ${COL_RED}There was an error uploading your debug log.${COL_NC}"
-        log_write "   * Please try again or contact the Pi-hole team for assistance."
+        # Skip this if being called from web interface and autmatic mode was not chosen (users opt-out to upload)
+        if [[ "${WEBCALL}" ]] && [[ ! "${AUTOMATED}" ]]; then
+            :
+        else
+            log_write "${CROSS}  ${COL_RED}There was an error uploading your debug log.${COL_NC}"
+            log_write "   * Please try again or contact the Pi-hole team for assistance."
+        fi
     fi
     # Finally, show where the log file is no matter the outcome of the function so users can look at it
     log_write "   * A local copy of the debug log can be found at: ${COL_CYAN}${PIHOLE_DEBUG_LOG}${COL_NC}\\n"

advanced/Scripts/query.sh

@@ -21,7 +21,7 @@ matchType="match"
 # Source pihole-FTL from install script
 pihole_FTL="${piholeDir}/pihole-FTL.conf"
 if [[ -f "${pihole_FTL}" ]]; then
-  source "${pihole_FTL}"
+    source "${pihole_FTL}"
 fi
 
 # Set this only after sourcing pihole-FTL.conf as the gravity database path may
@@ -48,7 +48,7 @@ scanList(){
         # Iterate through each regexp and check whether it matches the domainQuery
         # If it does, print the matching regexp and continue looping
         # Input 1 - regexps | Input 2 - domainQuery
-        "regex" ) 
+        "regex" )
             for list in ${lists}; do
                 if [[ "${domain}" =~ ${list} ]]; then
                     printf "%b\n" "${list}";
@@ -109,15 +109,15 @@ scanDatabaseTable() {
     # behavior. The "ESCAPE '\'" clause specifies that an underscore preceded by an '\' should be matched
     # as a literal underscore character. We pretreat the $domain variable accordingly to escape underscores.
     if [[ "${table}" == "gravity" ]]; then
-      case "${exact}" in
-          "exact" ) querystr="SELECT gravity.domain,adlist.address,adlist.enabled FROM gravity LEFT JOIN adlist ON adlist.id = gravity.adlist_id WHERE domain = '${domain}'";;
-          *       ) querystr="SELECT gravity.domain,adlist.address,adlist.enabled FROM gravity LEFT JOIN adlist ON adlist.id = gravity.adlist_id WHERE domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";;
-      esac
+        case "${exact}" in
+            "exact" ) querystr="SELECT gravity.domain,adlist.address,adlist.enabled FROM gravity LEFT JOIN adlist ON adlist.id = gravity.adlist_id WHERE domain = '${domain}'";;
+            *       ) querystr="SELECT gravity.domain,adlist.address,adlist.enabled FROM gravity LEFT JOIN adlist ON adlist.id = gravity.adlist_id WHERE domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";;
+        esac
     else
-      case "${exact}" in
-          "exact" ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${type}' AND domain = '${domain}'";;
-          *       ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${type}' AND domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";;
-      esac
+        case "${exact}" in
+            "exact" ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${type}' AND domain = '${domain}'";;
+            *       ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${type}' AND domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";;
+        esac
     fi
 
     # Send prepared query to gravity database
@@ -128,8 +128,8 @@ scanDatabaseTable() {
     fi
 
     if [[ "${table}" == "gravity" ]]; then
-      echo "${result}"
-      return
+        echo "${result}"
+        return
     fi
 
     # Mark domain as having been white-/blacklist matched (global variable)
@@ -233,9 +233,9 @@ for result in "${results[@]}"; do
     adlistAddress="${extra/|*/}"
     extra="${extra#*|}"
     if [[ "${extra}" == "0" ]]; then
-      extra="(disabled)"
+        extra="(disabled)"
     else
-      extra=""
+        extra=""
     fi
 
     if [[ -n "${blockpage}" ]]; then

advanced/Scripts/update.sh

@@ -35,25 +35,37 @@ source "/opt/pihole/COL_TABLE"
 
 GitCheckUpdateAvail() {
     local directory
+    local curBranch
     directory="${1}"
     curdir=$PWD
     cd "${directory}" || return
 
     # Fetch latest changes in this repo
-    git fetch --quiet origin
+    git fetch --tags --quiet origin
 
-    # @ alone is a shortcut for HEAD. Older versions of git
-    # need @{0}
-    LOCAL="$(git rev-parse "@{0}")"
+    # Check current branch. If it is master, then check for the latest available tag instead of latest commit.
+    curBranch=$(git rev-parse --abbrev-ref HEAD)
+    if [[ "${curBranch}" == "master" ]]; then
+        # get the latest local tag
+        LOCAL=$(git describe --abbrev=0 --tags master)
+        # get the latest tag from remote
+        REMOTE=$(git describe --abbrev=0 --tags origin/master)
+
+    else
+        # @ alone is a shortcut for HEAD. Older versions of git
+        # need @{0}
+        LOCAL="$(git rev-parse "@{0}")"
+
+        # The suffix @{upstream} to a branchname
+        # (short form <branchname>@{u}) refers
+        # to the branch that the branch specified
+        # by branchname is set to build on top of#
+        # (configured with branch.<name>.remote and
+        # branch.<name>.merge). A missing branchname
+        # defaults to the current one.
+        REMOTE="$(git rev-parse "@{upstream}")"
+    fi
 
-    # The suffix @{upstream} to a branchname
-    # (short form <branchname>@{u}) refers
-    # to the branch that the branch specified
-    # by branchname is set to build on top of#
-    # (configured with branch.<name>.remote and
-    # branch.<name>.merge). A missing branchname
-    # defaults to the current one.
-    REMOTE="$(git rev-parse "@{upstream}")"
 
     if [[ "${#LOCAL}" == 0 ]]; then
         echo -e "\\n  ${COL_LIGHT_RED}Error: Local revision could not be obtained, please contact Pi-hole Support"
@@ -200,7 +212,7 @@ main() {
 
     if [[ "${FTL_update}" == true || "${core_update}" == true ]]; then
         ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || \
-        echo -e "${basicError}" && exit 1
+            echo -e "${basicError}" && exit 1
     fi
 
     if [[ "${FTL_update}" == true || "${core_update}" == true || "${web_update}" == true ]]; then

advanced/Scripts/version.sh

@@ -13,6 +13,10 @@ DEFAULT="-1"
 COREGITDIR="/etc/.pihole/"
 WEBGITDIR="/var/www/html/admin/"
 
+# Source the setupvars config file
+# shellcheck disable=SC1091
+source /etc/pihole/setupVars.conf
+
 getLocalVersion() {
     # FTL requires a different method
     if [[ "$1" == "FTL" ]]; then
@@ -91,10 +95,11 @@ getRemoteVersion(){
     #If the above file exists, then we can read from that. Prevents overuse of GitHub API
     if [[ -f "$cachedVersions" ]]; then
         IFS=' ' read -r -a arrCache < "$cachedVersions"
+
         case $daemon in
-          "pi-hole"   )  echo "${arrCache[0]}";;
-          "AdminLTE"  )  echo "${arrCache[1]}";;
-          "FTL"       )  echo "${arrCache[2]}";;
+            "pi-hole"   )  echo "${arrCache[0]}";;
+            "AdminLTE"  )  [[ "${INSTALL_WEB_INTERFACE}" == true ]] && echo "${arrCache[1]}";;
+            "FTL"       )  [[ "${INSTALL_WEB_INTERFACE}" == true ]] && echo "${arrCache[2]}" || echo "${arrCache[1]}";;
         esac
 
         return 0
@@ -117,7 +122,7 @@ getLocalBranch(){
     local directory="${1}"
     local branch
 
-     # Local FTL btranch is stored in /etc/pihole/ftlbranch
+    # Local FTL btranch is stored in /etc/pihole/ftlbranch
     if [[ "$1" == "FTL" ]]; then
         branch="$(pihole-FTL branch)"
     else
@@ -140,6 +145,11 @@ getLocalBranch(){
 }
 
 versionOutput() {
+    if [[ "$1" == "AdminLTE" && "${INSTALL_WEB_INTERFACE}" != true ]]; then
+        echo "  WebAdmin not installed"
+        return 1
+    fi
+
     [[ "$1" == "pi-hole" ]] && GITDIR=$COREGITDIR
     [[ "$1" == "AdminLTE" ]] && GITDIR=$WEBGITDIR
     [[ "$1" == "FTL" ]] && GITDIR="FTL"
@@ -166,6 +176,7 @@ versionOutput() {
         output="Latest ${1^} hash is $latHash"
     else
         errorOutput
+        return 1
     fi
 
     [[ -n "$output" ]] && echo "  $output"
@@ -177,10 +188,6 @@ errorOutput() {
 }
 
 defaultOutput() {
-    # Source the setupvars config file
-    # shellcheck disable=SC1091
-    source /etc/pihole/setupVars.conf
-
     versionOutput "pi-hole" "$@"
 
     if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then

advanced/Scripts/webpage.sh

@@ -122,14 +122,14 @@ SetWebPassword() {
         read -s -r -p "Enter New Password (Blank for no password): " PASSWORD
         echo ""
 
-    if [ "${PASSWORD}" == "" ]; then
-        change_setting "WEBPASSWORD" ""
-        echo -e "  ${TICK} Password Removed"
-        exit 0
-    fi
+        if [ "${PASSWORD}" == "" ]; then
+            change_setting "WEBPASSWORD" ""
+            echo -e "  ${TICK} Password Removed"
+            exit 0
+        fi
 
-    read -s -r -p "Confirm Password: " CONFIRM
-    echo ""
+        read -s -r -p "Confirm Password: " CONFIRM
+        echo ""
     fi
 
     if [ "${PASSWORD}" == "${CONFIRM}" ] ; then
@@ -199,6 +199,8 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
     # Setup interface listening behavior of dnsmasq
     delete_dnsmasq_setting "interface"
     delete_dnsmasq_setting "local-service"
+    delete_dnsmasq_setting "except-interface"
+    delete_dnsmasq_setting "bind-interfaces"
 
     if [[ "${DNSMASQ_LISTENING}" == "all" ]]; then
         # Listen on all interfaces, permit all origins
@@ -207,6 +209,7 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
         # Listen only on all interfaces, but only local subnets
         add_dnsmasq_setting "local-service"
     else
+        # Options "bind" and "single"
         # Listen only on one interface
         # Use eth0 as fallback interface if interface is missing in setupVars.conf
         if [ -z "${PIHOLE_INTERFACE}" ]; then
@@ -214,6 +217,11 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
         fi
 
         add_dnsmasq_setting "interface" "${PIHOLE_INTERFACE}"
+
+        if [[ "${DNSMASQ_LISTENING}" == "bind" ]]; then
+            # Really bind to interface
+            add_dnsmasq_setting "bind-interfaces"
+        fi
     fi
 
     if [[ "${CONDITIONAL_FORWARDING}" == true ]]; then
@@ -247,8 +255,8 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
                 3   )   REV_SERVER_CIDR="${arrRev[0]}.0.0.0/8";;
             esac
         else
-          # Set REV_SERVER_CIDR to whatever value it was set to
-          REV_SERVER_CIDR="${CONDITIONAL_FORWARDING_REVERSE}"
+            # Set REV_SERVER_CIDR to whatever value it was set to
+            REV_SERVER_CIDR="${CONDITIONAL_FORWARDING_REVERSE}"
         fi
 
         # If REV_SERVER_CIDR is not converted by the above, then use the REV_SERVER_TARGET variable to derive it
@@ -371,34 +379,34 @@ ProcessDHCPSettings() {
     source "${setupVars}"
 
     if [[ "${DHCP_ACTIVE}" == "true" ]]; then
-    interface="${PIHOLE_INTERFACE}"
+        interface="${PIHOLE_INTERFACE}"
 
-    # Use eth0 as fallback interface
-    if [ -z ${interface} ]; then
-        interface="eth0"
-    fi
+        # Use eth0 as fallback interface
+        if [ -z ${interface} ]; then
+            interface="eth0"
+        fi
 
-    if [[ "${PIHOLE_DOMAIN}" == "" ]]; then
-        PIHOLE_DOMAIN="lan"
-        change_setting "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}"
-    fi
+        if [[ "${PIHOLE_DOMAIN}" == "" ]]; then
+            PIHOLE_DOMAIN="lan"
+            change_setting "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}"
+        fi
 
-    if [[ "${DHCP_LEASETIME}" == "0" ]]; then
-        leasetime="infinite"
-    elif [[ "${DHCP_LEASETIME}" == "" ]]; then
-        leasetime="24"
-        change_setting "DHCP_LEASETIME" "${leasetime}"
-    elif [[ "${DHCP_LEASETIME}" == "24h" ]]; then
-        #Installation is affected by known bug, introduced in a previous version.
-        #This will automatically clean up setupVars.conf and remove the unnecessary "h"
-        leasetime="24"
-        change_setting "DHCP_LEASETIME" "${leasetime}"
-    else
-        leasetime="${DHCP_LEASETIME}h"
-    fi
+        if [[ "${DHCP_LEASETIME}" == "0" ]]; then
+            leasetime="infinite"
+        elif [[ "${DHCP_LEASETIME}" == "" ]]; then
+            leasetime="24"
+            change_setting "DHCP_LEASETIME" "${leasetime}"
+        elif [[ "${DHCP_LEASETIME}" == "24h" ]]; then
+            #Installation is affected by known bug, introduced in a previous version.
+            #This will automatically clean up setupVars.conf and remove the unnecessary "h"
+            leasetime="24"
+            change_setting "DHCP_LEASETIME" "${leasetime}"
+        else
+            leasetime="${DHCP_LEASETIME}h"
+        fi
 
-    # Write settings to file
-    echo "###############################################################################
+        # Write settings to file
+        echo "###############################################################################
 #  DHCP SERVER CONFIG FILE AUTOMATICALLY POPULATED BY PI-HOLE WEB INTERFACE.  #
 #            ANY CHANGES MADE TO THIS FILE WILL BE LOST ON CHANGE             #
 ###############################################################################
@@ -408,34 +416,34 @@ dhcp-option=option:router,${DHCP_ROUTER}
 dhcp-leasefile=/etc/pihole/dhcp.leases
 #quiet-dhcp
 " > "${dhcpconfig}"
-    chmod 644 "${dhcpconfig}"
+        chmod 644 "${dhcpconfig}"
 
-    if [[ "${PIHOLE_DOMAIN}" != "none" ]]; then
-        echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}"
+        if [[ "${PIHOLE_DOMAIN}" != "none" ]]; then
+            echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}"
 
-        # When there is a Pi-hole domain set and "Never forward non-FQDNs" is
-        # ticked, we add `local=/domain/` to tell FTL that this domain is purely
-        # local and FTL may answer queries from /etc/hosts or DHCP but should
-        # never forward queries on that domain to any upstream servers
-        if  [[ "${DNS_FQDN_REQUIRED}" == true ]]; then
-          echo "local=/${PIHOLE_DOMAIN}/" >> "${dhcpconfig}"
+            # When there is a Pi-hole domain set and "Never forward non-FQDNs" is
+            # ticked, we add `local=/domain/` to tell FTL that this domain is purely
+            # local and FTL may answer queries from /etc/hosts or DHCP but should
+            # never forward queries on that domain to any upstream servers
+            if  [[ "${DNS_FQDN_REQUIRED}" == true ]]; then
+                echo "local=/${PIHOLE_DOMAIN}/" >> "${dhcpconfig}"
+            fi
         fi
-    fi
 
-    # Sourced from setupVars
-    # shellcheck disable=SC2154
-    if [[ "${DHCP_rapid_commit}" == "true" ]]; then
-        echo "dhcp-rapid-commit" >> "${dhcpconfig}"
-    fi
+        # Sourced from setupVars
+        # shellcheck disable=SC2154
+        if [[ "${DHCP_rapid_commit}" == "true" ]]; then
+            echo "dhcp-rapid-commit" >> "${dhcpconfig}"
+        fi
 
-    if [[ "${DHCP_IPv6}" == "true" ]]; then
-        echo "#quiet-dhcp6
+        if [[ "${DHCP_IPv6}" == "true" ]]; then
+            echo "#quiet-dhcp6
 #enable-ra
 dhcp-option=option6:dns-server,[::]
 dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,64,3600
 ra-param=*,0,0
 " >> "${dhcpconfig}"
-    fi
+        fi
 
     else
         if [[ -f "${dhcpconfig}" ]]; then
@@ -600,12 +608,13 @@ Example: 'pihole -a -i local'
 Specify dnsmasq's network interface listening behavior
 
 Interfaces:
-  local               Listen on all interfaces, but only allow queries from
-                      devices that are at most one hop away (local devices)
-  single              Listen only on ${PIHOLE_INTERFACE} interface
+  local               Only respond to queries from devices that
+                      are at most one hop away (local devices)
+  single              Respond only on interface ${PIHOLE_INTERFACE}
+  bind                Bind only on interface ${PIHOLE_INTERFACE}
   all                 Listen on all interfaces, permit all origins"
         exit 0
-  fi
+    fi
 
     if [[ "${args[2]}" == "all" ]]; then
         echo -e "  ${INFO} Listening on all interfaces, permitting all origins. Please use a firewall!"
@@ -613,6 +622,9 @@ Interfaces:
     elif [[ "${args[2]}" == "local" ]]; then
         echo -e "  ${INFO} Listening on all interfaces, permitting origins from one hop away (LAN)"
         change_setting "DNSMASQ_LISTENING" "local"
+    elif [[ "${args[2]}" == "bind" ]]; then
+        echo -e "  ${INFO} Binding on interface ${PIHOLE_INTERFACE}"
+        change_setting "DNSMASQ_LISTENING" "bind"
     else
         echo -e "  ${INFO} Listening only on interface ${PIHOLE_INTERFACE}"
         change_setting "DNSMASQ_LISTENING" "single"
@@ -654,18 +666,18 @@ addAudit()
     domains=""
     for domain in "$@"
     do
-      # Check domain to be added. Only continue if it is valid
-      validDomain="$(checkDomain "${domain}")"
-      if [[ -n "${validDomain}" ]]; then
-        # Put comma in between domains when there is
-        # more than one domains to be added
-        # SQL INSERT allows adding multiple rows at once using the format
-        ## INSERT INTO table (domain) VALUES ('abc.de'),('fgh.ij'),('klm.no'),('pqr.st');
-        if [[ -n "${domains}" ]]; then
-          domains="${domains},"
+        # Check domain to be added. Only continue if it is valid
+        validDomain="$(checkDomain "${domain}")"
+        if [[ -n "${validDomain}" ]]; then
+            # Put comma in between domains when there is
+            # more than one domains to be added
+            # SQL INSERT allows adding multiple rows at once using the format
+            ## INSERT INTO table (domain) VALUES ('abc.de'),('fgh.ij'),('klm.no'),('pqr.st');
+            if [[ -n "${domains}" ]]; then
+                domains="${domains},"
+            fi
+            domains="${domains}('${domain}')"
         fi
-        domains="${domains}('${domain}')"
-      fi
     done
     # Insert only the domain here. The date_added field will be
     # filled with its default value (date_added = current timestamp)
@@ -707,7 +719,7 @@ AddCustomDNSAddress() {
 
     # Restart dnsmasq to load new custom DNS entries only if $reload not false
     if [[ ! $reload == "false" ]]; then
-      RestartDNS
+        RestartDNS
     fi
 }
 
@@ -726,14 +738,14 @@ RemoveCustomDNSAddress() {
             echo -e "  ${CROSS} Invalid IP has been passed"
             exit 1
         fi
-        else
-            echo "  ${CROSS} Invalid Domain passed!"
-            exit 1
+    else
+        echo "  ${CROSS} Invalid Domain passed!"
+        exit 1
     fi
 
     # Restart dnsmasq to load new custom DNS entries only if reload is not false
     if [[ ! $reload == "false" ]]; then
-      RestartDNS
+        RestartDNS
     fi
 }
 
@@ -748,10 +760,10 @@ AddCustomCNAMERecord() {
     if [[ -n "${validDomain}" ]]; then
         validTarget="$(checkDomain "${target}")"
         if [[ -n "${validTarget}" ]]; then
-          echo "cname=${validDomain},${validTarget}" >> "${dnscustomcnamefile}"
+            echo "cname=${validDomain},${validTarget}" >> "${dnscustomcnamefile}"
         else
-          echo "  ${CROSS} Invalid Target Passed!"
-          exit 1
+            echo "  ${CROSS} Invalid Target Passed!"
+            exit 1
         fi
     else
         echo "  ${CROSS} Invalid Domain passed!"
@@ -759,7 +771,7 @@ AddCustomCNAMERecord() {
     fi
     # Restart dnsmasq to load new custom CNAME records only if reload is not false
     if [[ ! $reload == "false" ]]; then
-      RestartDNS
+        RestartDNS
     fi
 }
 
@@ -776,8 +788,8 @@ RemoveCustomCNAMERecord() {
         if [[ -n "${validTarget}" ]]; then
             sed -i "/cname=${validDomain},${validTarget}$/d" "${dnscustomcnamefile}"
         else
-          echo "  ${CROSS} Invalid Target Passed!"
-          exit 1
+            echo "  ${CROSS} Invalid Target Passed!"
+            exit 1
         fi
     else
         echo "  ${CROSS} Invalid Domain passed!"
@@ -786,7 +798,7 @@ RemoveCustomCNAMERecord() {
 
     # Restart dnsmasq to update removed custom CNAME records only if $reload not false
     if [[ ! $reload == "false" ]]; then
-      RestartDNS
+        RestartDNS
     fi
 }
 

advanced/Templates/pihole-FTL.conf

@@ -0,0 +1,2 @@
+#; Pi-hole FTL config file
+#; Comments should start with #; to avoid issues with PHP and bash reading this file

advanced/lighttpd.conf.debian

@@ -85,8 +85,8 @@ $HTTP["url"] =~ "^/admin/\.(.*)" {
     url.access-deny = ("")
 }
 
-# allow teleporter iframe on settings page
-$HTTP["url"] =~ "/teleporter\.php$" {
+# allow teleporter and API qr code iframe on settings page
+$HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
     $HTTP["referer"] =~ "/admin/settings\.php" {
         setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
     }

advanced/lighttpd.conf.fedora

@@ -93,8 +93,8 @@ $HTTP["url"] =~ "^/admin/\.(.*)" {
     url.access-deny = ("")
 }
 
-# allow teleporter iframe on settings page
-$HTTP["url"] =~ "/teleporter\.php$" {
+# allow teleporter and API qr code iframe on settings page
+$HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
     $HTTP["referer"] =~ "/admin/settings\.php" {
         setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
     }

automated install/basic-install.sh

@@ -2,7 +2,7 @@
 # shellcheck disable=SC1090
 
 # Pi-hole: A black hole for Internet advertisements
-# (c) 2017-2018 Pi-hole, LLC (https://pi-hole.net)
+# (c) 2017-2021 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
 #
 # Installs and Updates Pi-hole
@@ -76,7 +76,7 @@ PI_HOLE_CONFIG_DIR="/etc/pihole"
 PI_HOLE_BIN_DIR="/usr/local/bin"
 PI_HOLE_BLOCKPAGE_DIR="${webroot}/pihole"
 if [ -z "$useUpdateVars" ]; then
-  useUpdateVars=false
+    useUpdateVars=false
 fi
 
 adlistFile="/etc/pihole/adlists.list"
@@ -90,7 +90,7 @@ PRIVACY_LEVEL=0
 CACHE_SIZE=10000
 
 if [ -z "${USER}" ]; then
-  USER="$(id -un)"
+    USER="$(id -un)"
 fi
 
 # whiptail dialog dimensions: 20 rows and 70 chars width assures to fit on small screens and is known to hold all content.
@@ -133,7 +133,7 @@ fi
 # A simple function that just echoes out our logo in ASCII format
 # This lets users know that it is a Pi-hole, LLC product
 show_ascii_berry() {
-  echo -e "
+    echo -e "
         ${COL_LIGHT_GREEN}.;;,.
         .ccccc:,.
          :cccclll:.      ..,,
@@ -172,7 +172,7 @@ os_check() {
         local remote_os_domain valid_os valid_version valid_response detected_os detected_version display_warning cmdResult digReturnCode response
         remote_os_domain=${OS_CHECK_DOMAIN_NAME:-"versions.pi-hole.net"}
 
-        detected_os=$(grep "\bID\b" /etc/os-release | cut -d '=' -f2 | tr -d '"')
+        detected_os=$(grep '^ID=' /etc/os-release | cut -d '=' -f2 | tr -d '"')
         detected_version=$(grep VERSION_ID /etc/os-release | cut -d '=' -f2 | tr -d '"')
 
         cmdResult="$(dig +short -t txt "${remote_os_domain}" @ns1.pi-hole.net 2>&1; echo $?)"
@@ -261,174 +261,174 @@ os_check() {
 
 # Compatibility
 package_manager_detect() {
-# First check to see if apt-get is installed.
-if is_command apt-get ; then
-    # Set some global variables here
-    # We don't set them earlier since the installed package manager might be rpm, so these values would be different
-    PKG_MANAGER="apt-get"
-    # A variable to store the command used to update the package cache
-    UPDATE_PKG_CACHE="${PKG_MANAGER} update"
-    # The command we will use to actually install packages
-    PKG_INSTALL=("${PKG_MANAGER}" -qq --no-install-recommends install)
-    # grep -c will return 1 if there are no matches. This is an acceptable condition, so we OR TRUE to prevent set -e exiting the script.
-    PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
-    # Update package cache
-    update_package_cache || exit 1
-    # Check for and determine version number (major and minor) of current php install
-    local phpVer="php"
-    if is_command php ; then
-        printf "  %b Existing PHP installation detected : PHP version %s\\n" "${INFO}" "$(php <<< "<?php echo PHP_VERSION ?>")"
-        printf -v phpInsMajor "%d" "$(php <<< "<?php echo PHP_MAJOR_VERSION ?>")"
-        printf -v phpInsMinor "%d" "$(php <<< "<?php echo PHP_MINOR_VERSION ?>")"
-        phpVer="php$phpInsMajor.$phpInsMinor"
-    fi
-    # Packages required to perfom the os_check (stored as an array)
-    OS_CHECK_DEPS=(grep dnsutils)
-    # Packages required to run this install script (stored as an array)
-    INSTALLER_DEPS=(git iproute2 whiptail ca-certificates)
-    # Packages required to run Pi-hole (stored as an array)
-    PIHOLE_DEPS=(cron curl iputils-ping lsof psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2)
-    # Packages required for the Web admin interface (stored as an array)
-    # It's useful to separate this from Pi-hole, since the two repos are also setup separately
-    PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-sqlite3" "${phpVer}-xml" "${phpVer}-intl")
-    # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php
-    if [[ -z "${phpInsMajor}" || "${phpInsMajor}" -lt 8 ]]; then
-        PIHOLE_WEB_DEPS+=("${phpVer}-json")
-    fi
-    # The Web server user,
-    LIGHTTPD_USER="www-data"
-    # group,
-    LIGHTTPD_GROUP="www-data"
-    # and config file
-    LIGHTTPD_CFG="lighttpd.conf.debian"
+    # First check to see if apt-get is installed.
+    if is_command apt-get ; then
+        # Set some global variables here
+        # We don't set them earlier since the installed package manager might be rpm, so these values would be different
+        PKG_MANAGER="apt-get"
+        # A variable to store the command used to update the package cache
+        UPDATE_PKG_CACHE="${PKG_MANAGER} update"
+        # The command we will use to actually install packages
+        PKG_INSTALL=("${PKG_MANAGER}" -qq --no-install-recommends install)
+        # grep -c will return 1 if there are no matches. This is an acceptable condition, so we OR TRUE to prevent set -e exiting the script.
+        PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
+        # Update package cache
+        update_package_cache || exit 1
+        # Check for and determine version number (major and minor) of current php install
+        local phpVer="php"
+        if is_command php ; then
+            printf "  %b Existing PHP installation detected : PHP version %s\\n" "${INFO}" "$(php <<< "<?php echo PHP_VERSION ?>")"
+            printf -v phpInsMajor "%d" "$(php <<< "<?php echo PHP_MAJOR_VERSION ?>")"
+            printf -v phpInsMinor "%d" "$(php <<< "<?php echo PHP_MINOR_VERSION ?>")"
+            phpVer="php$phpInsMajor.$phpInsMinor"
+        fi
+        # Packages required to perfom the os_check (stored as an array)
+        OS_CHECK_DEPS=(grep dnsutils)
+        # Packages required to run this install script (stored as an array)
+        INSTALLER_DEPS=(git iproute2 whiptail ca-certificates)
+        # Packages required to run Pi-hole (stored as an array)
+        PIHOLE_DEPS=(cron curl iputils-ping lsof psmisc sudo unzip idn2 sqlite3 libcap2-bin dns-root-data libcap2 netcat)
+        # Packages required for the Web admin interface (stored as an array)
+        # It's useful to separate this from Pi-hole, since the two repos are also setup separately
+        PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi" "${phpVer}-sqlite3" "${phpVer}-xml" "${phpVer}-intl")
+        # Prior to PHP8.0, JSON functionality is provided as dedicated module, required by Pi-hole AdminLTE: https://www.php.net/manual/json.installation.php
+        if [[ -z "${phpInsMajor}" || "${phpInsMajor}" -lt 8 ]]; then
+            PIHOLE_WEB_DEPS+=("${phpVer}-json")
+        fi
+        # The Web server user,
+        LIGHTTPD_USER="www-data"
+        # group,
+        LIGHTTPD_GROUP="www-data"
+        # and config file
+        LIGHTTPD_CFG="lighttpd.conf.debian"
 
-    # This function waits for dpkg to unlock, which signals that the previous apt-get command has finished.
-    test_dpkg_lock() {
-        i=0
-        # fuser is a program to show which processes use the named files, sockets, or filesystems
-        # So while the lock is held,
-        while fuser /var/lib/dpkg/lock >/dev/null 2>&1
-        do
-            # we wait half a second,
-            sleep 0.5
-            # increase the iterator,
-            ((i=i+1))
-        done
-        # and then report success once dpkg is unlocked.
-        return 0
-    }
+        # This function waits for dpkg to unlock, which signals that the previous apt-get command has finished.
+        test_dpkg_lock() {
+            i=0
+            # fuser is a program to show which processes use the named files, sockets, or filesystems
+            # So while the lock is held,
+            while fuser /var/lib/dpkg/lock >/dev/null 2>&1
+            do
+                # we wait half a second,
+                sleep 0.5
+                # increase the iterator,
+                ((i=i+1))
+            done
+            # and then report success once dpkg is unlocked.
+            return 0
+        }
 
-# If apt-get is not found, check for rpm.
-elif is_command rpm ; then
-    # Then check if dnf or yum is the package manager
-    if is_command dnf ; then
-        PKG_MANAGER="dnf"
+    # If apt-get is not found, check for rpm.
+    elif is_command rpm ; then
+        # Then check if dnf or yum is the package manager
+        if is_command dnf ; then
+            PKG_MANAGER="dnf"
+        else
+            PKG_MANAGER="yum"
+        fi
+
+        # These variable names match the ones for apt-get. See above for an explanation of what they are for.
+        PKG_INSTALL=("${PKG_MANAGER}" install -y)
+        PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l"
+        OS_CHECK_DEPS=(grep bind-utils)
+        INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig ca-certificates)
+        PIHOLE_DEPS=(cronie curl findutils sudo unzip libidn2 psmisc sqlite libcap lsof nmap-ncat)
+        PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo php-xml php-json php-intl)
+        LIGHTTPD_USER="lighttpd"
+        LIGHTTPD_GROUP="lighttpd"
+        LIGHTTPD_CFG="lighttpd.conf.fedora"
+
+    # If neither apt-get or yum/dnf package managers were found
     else
-        PKG_MANAGER="yum"
+        # we cannot install required packages
+        printf "  %b No supported package manager found\\n" "${CROSS}"
+        # so exit the installer
+        exit
     fi
-
-    # These variable names match the ones for apt-get. See above for an explanation of what they are for.
-    PKG_INSTALL=("${PKG_MANAGER}" install -y)
-    PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l"
-    OS_CHECK_DEPS=(grep bind-utils)
-    INSTALLER_DEPS=(git iproute newt procps-ng which chkconfig ca-certificates)
-    PIHOLE_DEPS=(cronie curl findutils sudo unzip libidn2 psmisc sqlite libcap lsof)
-    PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php-common php-cli php-pdo php-xml php-json php-intl)
-    LIGHTTPD_USER="lighttpd"
-    LIGHTTPD_GROUP="lighttpd"
-    LIGHTTPD_CFG="lighttpd.conf.fedora"
-
-# If neither apt-get or yum/dnf package managers were found
-else
-    # we cannot install required packages
-    printf "  %b No supported package manager found\\n" "${CROSS}"
-    # so exit the installer
-    exit
-fi
 }
 
 select_rpm_php(){
-# If the host OS is Fedora,
-if grep -qiE 'fedora|fedberry' /etc/redhat-release; then
-    # all required packages should be available by default with the latest fedora release
-    : # continue
-# or if host OS is CentOS,
-elif grep -qiE 'centos|scientific' /etc/redhat-release; then
-    # Pi-Hole currently supports CentOS 7+ with PHP7+
-    SUPPORTED_CENTOS_VERSION=7
-    SUPPORTED_CENTOS_PHP_VERSION=7
-    # Check current CentOS major release version
-    CURRENT_CENTOS_VERSION=$(grep -oP '(?<= )[0-9]+(?=\.?)' /etc/redhat-release)
-    # Check if CentOS version is supported
-    if [[ $CURRENT_CENTOS_VERSION -lt $SUPPORTED_CENTOS_VERSION ]]; then
-        printf "  %b CentOS %s is not supported.\\n" "${CROSS}" "${CURRENT_CENTOS_VERSION}"
-        printf "      Please update to CentOS release %s or later.\\n" "${SUPPORTED_CENTOS_VERSION}"
-        # exit the installer
-        exit
-    fi
-    # php-json is not required on CentOS 7 as it is already compiled into php
-    # verifiy via `php -m | grep json`
-    if [[ $CURRENT_CENTOS_VERSION -eq 7 ]]; then
-        # create a temporary array as arrays are not designed for use as mutable data structures
-        CENTOS7_PIHOLE_WEB_DEPS=()
-        for i in "${!PIHOLE_WEB_DEPS[@]}"; do
-            if [[ ${PIHOLE_WEB_DEPS[i]} != "php-json" ]]; then
-                CENTOS7_PIHOLE_WEB_DEPS+=( "${PIHOLE_WEB_DEPS[i]}" )
-            fi
-        done
-        # re-assign the clean dependency array back to PIHOLE_WEB_DEPS
-        PIHOLE_WEB_DEPS=("${CENTOS7_PIHOLE_WEB_DEPS[@]}")
-        unset CENTOS7_PIHOLE_WEB_DEPS
-    fi
-    # CentOS requires the EPEL repository to gain access to Fedora packages
-    EPEL_PKG="epel-release"
-    rpm -q ${EPEL_PKG} &> /dev/null || rc=$?
-    if [[ $rc -ne 0 ]]; then
-        printf "  %b Enabling EPEL package repository (https://fedoraproject.org/wiki/EPEL)\\n" "${INFO}"
-        "${PKG_INSTALL[@]}" ${EPEL_PKG} &> /dev/null
-        printf "  %b Installed %s\\n" "${TICK}" "${EPEL_PKG}"
-    fi
+    # If the host OS is Fedora,
+    if grep -qiE 'fedora|fedberry' /etc/redhat-release; then
+        # all required packages should be available by default with the latest fedora release
+        : # continue
+    # or if host OS is CentOS,
+    elif grep -qiE 'centos|scientific' /etc/redhat-release; then
+        # Pi-Hole currently supports CentOS 7+ with PHP7+
+        SUPPORTED_CENTOS_VERSION=7
+        SUPPORTED_CENTOS_PHP_VERSION=7
+        # Check current CentOS major release version
+        CURRENT_CENTOS_VERSION=$(grep -oP '(?<= )[0-9]+(?=\.?)' /etc/redhat-release)
+        # Check if CentOS version is supported
+        if [[ $CURRENT_CENTOS_VERSION -lt $SUPPORTED_CENTOS_VERSION ]]; then
+            printf "  %b CentOS %s is not supported.\\n" "${CROSS}" "${CURRENT_CENTOS_VERSION}"
+            printf "      Please update to CentOS release %s or later.\\n" "${SUPPORTED_CENTOS_VERSION}"
+            # exit the installer
+            exit
+        fi
+        # php-json is not required on CentOS 7 as it is already compiled into php
+        # verifiy via `php -m | grep json`
+        if [[ $CURRENT_CENTOS_VERSION -eq 7 ]]; then
+            # create a temporary array as arrays are not designed for use as mutable data structures
+            CENTOS7_PIHOLE_WEB_DEPS=()
+            for i in "${!PIHOLE_WEB_DEPS[@]}"; do
+                if [[ ${PIHOLE_WEB_DEPS[i]} != "php-json" ]]; then
+                    CENTOS7_PIHOLE_WEB_DEPS+=( "${PIHOLE_WEB_DEPS[i]}" )
+                fi
+            done
+            # re-assign the clean dependency array back to PIHOLE_WEB_DEPS
+            PIHOLE_WEB_DEPS=("${CENTOS7_PIHOLE_WEB_DEPS[@]}")
+            unset CENTOS7_PIHOLE_WEB_DEPS
+        fi
+        # CentOS requires the EPEL repository to gain access to Fedora packages
+        EPEL_PKG="epel-release"
+        rpm -q ${EPEL_PKG} &> /dev/null || rc=$?
+        if [[ $rc -ne 0 ]]; then
+            printf "  %b Enabling EPEL package repository (https://fedoraproject.org/wiki/EPEL)\\n" "${INFO}"
+            "${PKG_INSTALL[@]}" ${EPEL_PKG} &> /dev/null
+            printf "  %b Installed %s\\n" "${TICK}" "${EPEL_PKG}"
+        fi
 
-    # The default php on CentOS 7.x is 5.4 which is EOL
-    # Check if the version of PHP available via installed repositories is >= to PHP 7
-    AVAILABLE_PHP_VERSION=$("${PKG_MANAGER}" info php | grep -i version | grep -o '[0-9]\+' | head -1)
-    if [[ $AVAILABLE_PHP_VERSION -ge $SUPPORTED_CENTOS_PHP_VERSION ]]; then
-        # Since PHP 7 is available by default, install via default PHP package names
-        : # do nothing as PHP is current
-    else
-        REMI_PKG="remi-release"
-        REMI_REPO="remi-php72"
-        rpm -q ${REMI_PKG} &> /dev/null || rc=$?
-    if [[ $rc -ne 0 ]]; then
-        # The PHP version available via default repositories is older than version 7
-        if ! whiptail --defaultno --title "PHP 7 Update (recommended)" --yesno "PHP 7.x is recommended for both security and language features.\\nWould you like to install PHP7 via Remi's RPM repository?\\n\\nSee: https://rpms.remirepo.net for more information" "${r}" "${c}"; then
-            # User decided to NOT update PHP from REMI, attempt to install the default available PHP version
-            printf "  %b User opt-out of PHP 7 upgrade on CentOS. Deprecated PHP may be in use.\\n" "${INFO}"
-            : # continue with unsupported php version
+        # The default php on CentOS 7.x is 5.4 which is EOL
+        # Check if the version of PHP available via installed repositories is >= to PHP 7
+        AVAILABLE_PHP_VERSION=$("${PKG_MANAGER}" info php | grep -i version | grep -o '[0-9]\+' | head -1)
+        if [[ $AVAILABLE_PHP_VERSION -ge $SUPPORTED_CENTOS_PHP_VERSION ]]; then
+            # Since PHP 7 is available by default, install via default PHP package names
+            : # do nothing as PHP is current
         else
-            printf "  %b Enabling Remi's RPM repository (https://rpms.remirepo.net)\\n" "${INFO}"
-            "${PKG_INSTALL[@]}" "https://rpms.remirepo.net/enterprise/${REMI_PKG}-$(rpm -E '%{rhel}').rpm" &> /dev/null
-            # enable the PHP 7 repository via yum-config-manager (provided by yum-utils)
-            "${PKG_INSTALL[@]}" "yum-utils" &> /dev/null
-            yum-config-manager --enable ${REMI_REPO} &> /dev/null
-            printf "  %b Remi's RPM repository has been enabled for PHP7\\n" "${TICK}"
-            # trigger an install/update of PHP to ensure previous version of PHP is updated from REMI
-            if "${PKG_INSTALL[@]}" "php-cli" &> /dev/null; then
-                printf "  %b PHP7 installed/updated via Remi's RPM repository\\n" "${TICK}"
+            REMI_PKG="remi-release"
+            REMI_REPO="remi-php72"
+            rpm -q ${REMI_PKG} &> /dev/null || rc=$?
+            if [[ $rc -ne 0 ]]; then
+                # The PHP version available via default repositories is older than version 7
+                if ! whiptail --defaultno --title "PHP 7 Update (recommended)" --yesno "PHP 7.x is recommended for both security and language features.\\nWould you like to install PHP7 via Remi's RPM repository?\\n\\nSee: https://rpms.remirepo.net for more information" "${r}" "${c}"; then
+                    # User decided to NOT update PHP from REMI, attempt to install the default available PHP version
+                    printf "  %b User opt-out of PHP 7 upgrade on CentOS. Deprecated PHP may be in use.\\n" "${INFO}"
+                    : # continue with unsupported php version
+                else
+                    printf "  %b Enabling Remi's RPM repository (https://rpms.remirepo.net)\\n" "${INFO}"
+                    "${PKG_INSTALL[@]}" "https://rpms.remirepo.net/enterprise/${REMI_PKG}-$(rpm -E '%{rhel}').rpm" &> /dev/null
+                    # enable the PHP 7 repository via yum-config-manager (provided by yum-utils)
+                    "${PKG_INSTALL[@]}" "yum-utils" &> /dev/null
+                    yum-config-manager --enable ${REMI_REPO} &> /dev/null
+                    printf "  %b Remi's RPM repository has been enabled for PHP7\\n" "${TICK}"
+                    # trigger an install/update of PHP to ensure previous version of PHP is updated from REMI
+                    if "${PKG_INSTALL[@]}" "php-cli" &> /dev/null; then
+                        printf "  %b PHP7 installed/updated via Remi's RPM repository\\n" "${TICK}"
+                    else
+                        printf "  %b There was a problem updating to PHP7 via Remi's RPM repository\\n" "${CROSS}"
+                        exit 1
+                    fi
+                fi
+            fi    # Warn user of unsupported version of Fedora or CentOS
+            if ! whiptail --defaultno --title "Unsupported RPM based distribution" --yesno "Would you like to continue installation on an unsupported RPM based distribution?\\n\\nPlease ensure the following packages have been installed manually:\\n\\n- lighttpd\\n- lighttpd-fastcgi\\n- PHP version 7+" "${r}" "${c}"; then
+                printf "  %b Aborting installation due to unsupported RPM based distribution\\n" "${CROSS}"
+                exit
             else
-                printf "  %b There was a problem updating to PHP7 via Remi's RPM repository\\n" "${CROSS}"
-                exit 1
+                printf "  %b Continuing installation with unsupported RPM based distribution\\n" "${INFO}"
             fi
         fi
-    fi    # Warn user of unsupported version of Fedora or CentOS
-    if ! whiptail --defaultno --title "Unsupported RPM based distribution" --yesno "Would you like to continue installation on an unsupported RPM based distribution?\\n\\nPlease ensure the following packages have been installed manually:\\n\\n- lighttpd\\n- lighttpd-fastcgi\\n- PHP version 7+" "${r}" "${c}"; then
-        printf "  %b Aborting installation due to unsupported RPM based distribution\\n" "${CROSS}"
-        exit
-    else
-        printf "  %b Continuing installation with unsupported RPM based distribution\\n" "${INFO}"
     fi
-fi
-fi
 }
 
 # A function for checking if a directory is a git repository
@@ -519,7 +519,7 @@ update_repo() {
     # In case extra commits have been added after tagging/release (i.e in case of metadata updates/README.MD tweaks)
     curBranch=$(git rev-parse --abbrev-ref HEAD)
     if [[ "${curBranch}" == "master" ]]; then
-         git reset --hard "$(git describe --abbrev=0 --tags)" || return $?
+        git reset --hard "$(git describe --abbrev=0 --tags)" || return $?
     fi
     # Show a completion message
     printf "%b  %b %s\\n" "${OVER}" "${TICK}" "${str}"
@@ -629,12 +629,12 @@ welcomeDialogs() {
 IMPORTANT: If you have not already done so, you must ensure that this device has a static IP. Either through DHCP reservation, or by manually assigning one. Depending on your operating system, there are many ways to achieve this.
 
 Choose yes to indicate that you have understood this message, and wish to continue" "${r}" "${c}"; then
-#Nothing to do, continue
-  echo
-else
-  printf "  %b Installer exited at static IP message.\\n" "${INFO}"
-  exit 1
-fi
+        #Nothing to do, continue
+        echo
+    else
+        printf "  %b Installer exited at static IP message.\\n" "${INFO}"
+        exit 1
+    fi
 }
 
 # A function that lets the user pick an interface to use with Pi-hole
@@ -759,8 +759,8 @@ collect_v4andv6_information() {
     printf "  %b IPv4 address: %s\\n" "${INFO}" "${IPV4_ADDRESS}"
     # if `dhcpcd` is used offer to set this as static IP for the device
     if [[ -f "/etc/dhcpcd.conf" ]]; then
-            # configure networking via dhcpcd
-            getStaticIPv4Settings
+        # configure networking via dhcpcd
+        getStaticIPv4Settings
     fi
     find_IPv6_information
     printf "  %b IPv6 address: %s\\n" "${INFO}" "${IPV6_ADDRESS}"
@@ -856,7 +856,7 @@ valid_ip() {
     # Regex matching an optional port (starting with '#') range of 1-65536
     local portelem="(#(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[1-9][0-9]{0,3}|0))?";
     # Build a full IPv4 regex from the above subexpressions
-    local regex="^${ipv4elem}\.${ipv4elem}\.${ipv4elem}\.${ipv4elem}${portelem}$"
+    local regex="^${ipv4elem}\\.${ipv4elem}\\.${ipv4elem}\\.${ipv4elem}${portelem}$"
 
     # Evaluate the regex, and return the result
     [[ $ip =~ ${regex} ]]
@@ -913,8 +913,8 @@ setDNS() {
     IFS=${OIFS}
     # In a whiptail dialog, show the options
     DNSchoices=$(whiptail --separate-output --menu "Select Upstream DNS Provider. To use your own, select Custom." "${r}" "${c}" 7 \
-    "${DNSChooseOptions[@]}" 2>&1 >/dev/tty) || \
-    # Exit if the user selects "Cancel"
+        "${DNSChooseOptions[@]}" 2>&1 >/dev/tty) || \
+        # Exit if the user selects "Cancel"
     { printf "  %bCancel was selected, exiting installer%b\\n" "${COL_LIGHT_RED}" "${COL_NC}"; exit 1; }
 
     # Depending on the user's choice, set the GLOBAL variables to the IP of the respective provider
@@ -1180,8 +1180,8 @@ version_check_dnsmasq() {
             install -D -m 644 -T "${dnsmasq_original_config}" "${dnsmasq_conf}"
             printf "%b  %b Restoring default dnsmasq.conf...\\n" "${OVER}"  "${TICK}"
         else
-        # Otherwise, don't to anything
-        printf " it is not a Pi-hole file, leaving alone!\\n"
+            # Otherwise, don't to anything
+            printf " it is not a Pi-hole file, leaving alone!\\n"
         fi
     else
         # If a file cannot be found,
@@ -1216,8 +1216,8 @@ version_check_dnsmasq() {
         sed -i '/^server=@DNS2@/d' "${dnsmasq_pihole_01_target}"
     fi
 
-	# Set the cache size
-	sed -i "s/@CACHE_SIZE@/$CACHE_SIZE/" "${dnsmasq_pihole_01_target}"
+    # Set the cache size
+    sed -i "s/@CACHE_SIZE@/$CACHE_SIZE/" "${dnsmasq_pihole_01_target}"
 
     sed -i 's/^#conf-dir=\/etc\/dnsmasq.d$/conf-dir=\/etc\/dnsmasq.d/' "${dnsmasq_conf}"
 
@@ -1299,10 +1299,10 @@ installConfigs() {
     echo "${DNS_SERVERS}" > "${PI_HOLE_CONFIG_DIR}/dns-servers.conf"
     chmod 644 "${PI_HOLE_CONFIG_DIR}/dns-servers.conf"
 
-    # Install empty file if it does not exist
+    # Install template file if it does not exist
     if [[ ! -r "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" ]]; then
         install -d -m 0755 ${PI_HOLE_CONFIG_DIR}
-        if ! install -o pihole -m 664 /dev/null "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" &>/dev/null; then
+        if ! install -T -o pihole -m 664 "${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole-FTL.conf" "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" &>/dev/null; then
             printf "  %bError: Unable to initialize configuration file %s/pihole-FTL.conf\\n" "${COL_LIGHT_RED}" "${PI_HOLE_CONFIG_DIR}"
             return 1
         fi
@@ -1334,7 +1334,7 @@ installConfigs() {
         chmod 644 /etc/lighttpd/external.conf
         # If there is a custom block page in the html/pihole directory, replace 404 handler in lighttpd config
         if [[ -f "${PI_HOLE_BLOCKPAGE_DIR}/custom.php" ]]; then
-            sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"pihole\/custom\.php"/' "${lighttpdConfig}"
+            sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"\/pihole\/custom\.php"/' "${lighttpdConfig}"
         fi
         # Make the directories if they do not exist and set the owners
         mkdir -p /run/lighttpd
@@ -1565,7 +1565,7 @@ install_dependent_packages() {
 
     # Install Fedora/CentOS packages
     for i in "$@"; do
-    # For each package, check if it's already installed (and if so, don't add it to the installArray)
+        # For each package, check if it's already installed (and if so, don't add it to the installArray)
         printf "  %b Checking for %s..." "${INFO}" "${i}"
         if "${PKG_MANAGER}" -q list installed "${i}" &> /dev/null; then
             printf "%b  %b Checking for %s\\n" "${OVER}" "${TICK}" "${i}"
@@ -1731,22 +1731,23 @@ finalExports() {
     # If the setup variable file exists,
     if [[ -e "${setupVars}" ]]; then
         # update the variables in the file
-        sed -i.update.bak '/PIHOLE_INTERFACE/d;/IPV4_ADDRESS/d;/IPV6_ADDRESS/d;/PIHOLE_DNS_1\b/d;/PIHOLE_DNS_2\b/d;/QUERY_LOGGING/d;/INSTALL_WEB_SERVER/d;/INSTALL_WEB_INTERFACE/d;/LIGHTTPD_ENABLED/d;/CACHE_SIZE/d;/DNS_FQDN_REQUIRED/d;/DNS_BOGUS_PRIV/d;' "${setupVars}"
+        sed -i.update.bak '/PIHOLE_INTERFACE/d;/IPV4_ADDRESS/d;/IPV6_ADDRESS/d;/PIHOLE_DNS_1\b/d;/PIHOLE_DNS_2\b/d;/QUERY_LOGGING/d;/INSTALL_WEB_SERVER/d;/INSTALL_WEB_INTERFACE/d;/LIGHTTPD_ENABLED/d;/CACHE_SIZE/d;/DNS_FQDN_REQUIRED/d;/DNS_BOGUS_PRIV/d;/DNSMASQ_LISTENING/d;' "${setupVars}"
     fi
     # echo the information to the user
     {
-    echo "PIHOLE_INTERFACE=${PIHOLE_INTERFACE}"
-    echo "IPV4_ADDRESS=${IPV4_ADDRESS}"
-    echo "IPV6_ADDRESS=${IPV6_ADDRESS}"
-    echo "PIHOLE_DNS_1=${PIHOLE_DNS_1}"
-    echo "PIHOLE_DNS_2=${PIHOLE_DNS_2}"
-    echo "QUERY_LOGGING=${QUERY_LOGGING}"
-    echo "INSTALL_WEB_SERVER=${INSTALL_WEB_SERVER}"
-    echo "INSTALL_WEB_INTERFACE=${INSTALL_WEB_INTERFACE}"
-    echo "LIGHTTPD_ENABLED=${LIGHTTPD_ENABLED}"
-    echo "CACHE_SIZE=${CACHE_SIZE}"
-    echo "DNS_FQDN_REQUIRED=${DNS_FQDN_REQUIRED:-true}"
-    echo "DNS_BOGUS_PRIV=${DNS_BOGUS_PRIV:-true}"
+        echo "PIHOLE_INTERFACE=${PIHOLE_INTERFACE}"
+        echo "IPV4_ADDRESS=${IPV4_ADDRESS}"
+        echo "IPV6_ADDRESS=${IPV6_ADDRESS}"
+        echo "PIHOLE_DNS_1=${PIHOLE_DNS_1}"
+        echo "PIHOLE_DNS_2=${PIHOLE_DNS_2}"
+        echo "QUERY_LOGGING=${QUERY_LOGGING}"
+        echo "INSTALL_WEB_SERVER=${INSTALL_WEB_SERVER}"
+        echo "INSTALL_WEB_INTERFACE=${INSTALL_WEB_INTERFACE}"
+        echo "LIGHTTPD_ENABLED=${LIGHTTPD_ENABLED}"
+        echo "CACHE_SIZE=${CACHE_SIZE}"
+        echo "DNS_FQDN_REQUIRED=${DNS_FQDN_REQUIRED:-true}"
+        echo "DNS_BOGUS_PRIV=${DNS_BOGUS_PRIV:-true}"
+        echo "DNSMASQ_LISTENING=${DNSMASQ_LISTENING:-local}"
     }>> "${setupVars}"
     chmod 644 "${setupVars}"
 
@@ -1862,7 +1863,7 @@ checkSelinux() {
     local CURRENT_SELINUX
     local SELINUX_ENFORCING=0
     # Check for SELinux configuration file and getenforce command
-    if [[ -f /etc/selinux/config ]] && command -v getenforce &> /dev/null; then
+    if [[ -f /etc/selinux/config ]] && is_command getenforce; then
         # Check the default SELinux mode
         DEFAULT_SELINUX=$(awk -F= '/^SELINUX=/ {print $2}' /etc/selinux/config)
         case "${DEFAULT_SELINUX,,}" in
@@ -1921,7 +1922,7 @@ displayFinalMessage() {
         additional="View the web interface at http://pi.hole/admin or http://${IPV4_ADDRESS%/*}/admin
 
 Your Admin Webpage login password is ${pwstring}"
-   fi
+    fi
 
     # Final completion message to user
     whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Configure your devices to use the Pi-hole as their DNS server using:
@@ -2094,7 +2095,6 @@ clone_or_update_repos() {
 # shellcheck disable=SC2120
 FTLinstall() {
     # Local, named variables
-    local latesttag
     local str="Downloading and Installing FTL"
     printf "  %b %s..." "${INFO}" "${str}"
 
@@ -2165,7 +2165,7 @@ FTLinstall() {
 
 disable_dnsmasq() {
     # dnsmasq can now be stopped and disabled if it exists
-    if which dnsmasq &> /dev/null; then
+    if is_command dnsmasq; then
         if check_service_active "dnsmasq";then
             printf "  %b FTL can now resolve DNS Queries without dnsmasq running separately\\n" "${INFO}"
             stop_service dnsmasq
@@ -2278,7 +2278,7 @@ FTLcheckUpdate() {
     printf "  %b Checking for existing FTL binary...\\n" "${INFO}"
 
     local ftlLoc
-    ftlLoc=$(which pihole-FTL 2>/dev/null)
+    ftlLoc=$(command -v pihole-FTL 2>/dev/null)
 
     local ftlBranch
 
@@ -2295,7 +2295,7 @@ FTLcheckUpdate() {
     local localSha1
 
     # if dnsmasq exists and is running at this point, force reinstall of FTL Binary
-    if which dnsmasq &> /dev/null; then
+    if is_command dnsmasq; then
         if check_service_active "dnsmasq";then
             return 0
         fi
@@ -2316,7 +2316,7 @@ FTLcheckUpdate() {
             # We already have a pihole-FTL binary downloaded.
             # Alt branches don't have a tagged version against them, so just confirm the checksum of the local vs remote to decide whether we download or not
             remoteSha1=$(curl -sSL --fail "https://ftl.pi-hole.net/${ftlBranch}/${binary}.sha1" | cut -d ' ' -f 1)
-            localSha1=$(sha1sum "$(which pihole-FTL)" | cut -d ' ' -f 1)
+            localSha1=$(sha1sum "$(command -v pihole-FTL)" | cut -d ' ' -f 1)
 
             if [[ "${remoteSha1}" != "${localSha1}" ]]; then
                 printf "  %b Checksums do not match, downloading from ftl.pi-hole.net.\\n" "${INFO}"
@@ -2346,7 +2346,7 @@ FTLcheckUpdate() {
                 printf "  %b Latest FTL Binary already installed (%s). Confirming Checksum...\\n" "${INFO}" "${FTLlatesttag}"
 
                 remoteSha1=$(curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${FTLversion%$'\r'}/${binary}.sha1" | cut -d ' ' -f 1)
-                localSha1=$(sha1sum "$(which pihole-FTL)" | cut -d ' ' -f 1)
+                localSha1=$(sha1sum "$(command -v pihole-FTL)" | cut -d ' ' -f 1)
 
                 if [[ "${remoteSha1}" != "${localSha1}" ]]; then
                     printf "  %b Corruption detected...\\n" "${INFO}"
@@ -2456,7 +2456,7 @@ main() {
 
     #In case of RPM based distro, select the proper PHP version
     if [[ "$PKG_MANAGER" == "yum" || "$PKG_MANAGER" == "dnf" ]] ; then
-      select_rpm_php
+        select_rpm_php
     fi
 
     # Check if SELinux is Enforcing

gravity.sh

@@ -75,7 +75,12 @@ fi
 
 # Generate new sqlite3 file from schema template
 generate_gravity_database() {
-  sqlite3 "${1}" < "${gravityDBschema}"
+  if ! sqlite3 "${gravityDBfile}" < "${gravityDBschema}"; then
+    echo -e "   ${CROSS} Unable to create ${gravityDBfile}"
+    return 1
+  fi
+  chown pihole:pihole "${gravityDBfile}"
+  chmod g+w "${piholeDir}" "${gravityDBfile}"
 }
 
 # Copy data from old to new database file and swap them
@@ -213,7 +218,7 @@ database_table_from_file() {
   # Move source file to backup directory, create directory if not existing
   mkdir -p "${backup_path}"
   mv "${source}" "${backup_file}" 2> /dev/null || \
-      echo -e "  ${CROSS} Unable to backup ${source} to ${backup_path}"
+    echo -e "  ${CROSS} Unable to backup ${source} to ${backup_path}"
 
   # Delete tmpFile
   rm "${tmpFile}" > /dev/null 2>&1 || \
@@ -248,7 +253,7 @@ database_adlist_number() {
     return;
   fi
 
-  output=$( { printf ".timeout 30000\\nUPDATE adlist SET number = %i, invalid_domains = %i WHERE id = %i;\\n" "${num_lines}" "${num_invalid}" "${1}" | sqlite3 "${gravityDBfile}"; } 2>&1 )
+  output=$( { printf ".timeout 30000\\nUPDATE adlist SET number = %i, invalid_domains = %i WHERE id = %i;\\n" "${num_source_lines}" "${num_invalid}" "${1}" | sqlite3 "${gravityDBfile}"; } 2>&1 )
   status="$?"
 
   if [[ "${status}" -ne 0 ]]; then
@@ -279,7 +284,10 @@ migrate_to_database() {
   if [ ! -e "${gravityDBfile}" ]; then
     # Create new database file - note that this will be created in version 1
     echo -e "  ${INFO} Creating new gravity database"
-    generate_gravity_database "${gravityDBfile}"
+    if ! generate_gravity_database; then
+      echo -e "   ${CROSS} Error creating new gravity database. Please contact support."
+      return 1
+    fi
 
     # Check if gravity database needs to be updated
     upgrade_gravityDB "${gravityDBfile}" "${piholeDir}"
@@ -430,9 +438,9 @@ gravity_DownloadBlocklists() {
     compression="--compressed"
     echo -e "  ${INFO} Using libz compression\n"
   else
-      compression=""
-      echo -e "  ${INFO} Libz compression not available\n"
-    fi
+    compression=""
+    echo -e "  ${INFO} Libz compression not available\n"
+  fi
   # Loop through $sources and download each one
   for ((i = 0; i < "${#sources[@]}"; i++)); do
     url="${sources[$i]}"
@@ -462,9 +470,9 @@ gravity_DownloadBlocklists() {
     check_url="$( sed -re 's#([^:/]*://)?([^/]+)@#\1\2#' <<< "$url" )"
 
     if [[ "${check_url}" =~ ${regex} ]]; then
-        echo -e "  ${CROSS} Invalid Target"
+      echo -e "  ${CROSS} Invalid Target"
     else
-       gravity_DownloadBlocklistFromUrl "${url}" "${cmd_ext}" "${agent}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" "${compression}"
+      gravity_DownloadBlocklistFromUrl "${url}" "${cmd_ext}" "${agent}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" "${compression}"
     fi
     echo ""
   done
@@ -503,8 +511,9 @@ gravity_DownloadBlocklists() {
   gravity_Blackbody=true
 }
 
-total_num=0
-num_lines=0
+# num_target_lines does increase for every correctly added domain in pareseList()
+num_target_lines=0
+num_source_lines=0
 num_invalid=0
 parseList() {
   local adlistID="${1}" src="${2}" target="${3}" incorrect_lines
@@ -516,18 +525,20 @@ parseList() {
   # Find (up to) five domains containing invalid characters (see above)
   incorrect_lines="$(sed -e "/[^a-zA-Z0-9.\_-]/!d" "${src}" | head -n 5)"
 
-  local num_target_lines num_correct_lines num_invalid
+  local num_target_lines_new num_correct_lines
   # Get number of lines in source file
-  num_lines="$(grep -c "^" "${src}")"
-  # Get number of lines in destination file
-  num_target_lines="$(grep -c "^" "${target}")"
-  num_correct_lines="$(( num_target_lines-total_num ))"
-  total_num="$num_target_lines"
-  num_invalid="$(( num_lines-num_correct_lines ))"
+  num_source_lines="$(grep -c "^" "${src}")"
+  # Get the new number of lines in destination file
+  num_target_lines_new="$(grep -c "^" "${target}")"
+  # Number of new correctly added lines
+  num_correct_lines="$(( num_target_lines_new-num_target_lines ))"
+  # Upate number of lines in target file
+  num_target_lines="$num_target_lines_new"
+  num_invalid="$(( num_source_lines-num_correct_lines ))"
   if [[ "${num_invalid}" -eq 0 ]]; then
-    echo "  ${INFO} Analyzed ${num_lines} domains"
+    echo "  ${INFO} Analyzed ${num_source_lines} domains"
   else
-    echo "  ${INFO} Analyzed ${num_lines} domains, ${num_invalid} domains invalid!"
+    echo "  ${INFO} Analyzed ${num_source_lines} domains, ${num_invalid} domains invalid!"
   fi
 
   # Display sample of invalid lines if we found some
@@ -583,28 +594,32 @@ gravity_DownloadBlocklistFromUrl() {
   blocked=false
   case $BLOCKINGMODE in
     "IP-NODATA-AAAA"|"IP")
-        # Get IP address of this domain
-        ip="$(dig "${domain}" +short)"
-        # Check if this IP matches any IP of the system
-        if [[ -n "${ip}" && $(grep -Ec "inet(|6) ${ip}" <<< "$(ip a)") -gt 0 ]]; then
-          blocked=true
-        fi;;
+      # Get IP address of this domain
+      ip="$(dig "${domain}" +short)"
+      # Check if this IP matches any IP of the system
+      if [[ -n "${ip}" && $(grep -Ec "inet(|6) ${ip}" <<< "$(ip a)") -gt 0 ]]; then
+        blocked=true
+      fi;;
     "NXDOMAIN")
-        if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then
-          blocked=true
-        fi;;
+      if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then
+        blocked=true
+      fi;;
+    "NODATA")
+      if [[ $(dig "${domain}" | grep "NOERROR" -c) -ge 1 ]] && [[ -z $(dig +short "${domain}") ]]; then
+         blocked=true
+      fi;;
     "NULL"|*)
-        if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then
-          blocked=true
-        fi;;
-   esac
+      if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then
+        blocked=true
+      fi;;
+  esac
 
   if [[ "${blocked}" == true ]]; then
     printf -v ip_addr "%s" "${PIHOLE_DNS_1%#*}"
     if [[ ${PIHOLE_DNS_1} != *"#"* ]]; then
-        port=53
+      port=53
     else
-        printf -v port "%s" "${PIHOLE_DNS_1#*#}"
+      printf -v port "%s" "${PIHOLE_DNS_1#*#}"
     fi
     ip=$(dig "@${ip_addr}" -p "${port}" +short "${domain}" | tail -1)
     if [[ $(echo "${url}" | awk -F '://' '{print $1}') = "https" ]]; then
@@ -623,11 +638,11 @@ gravity_DownloadBlocklistFromUrl() {
   case $url in
     # Did we "download" a local file?
     "file"*)
-        if [[ -s "${patternBuffer}" ]]; then
-          echo -e "${OVER}  ${TICK} ${str} Retrieval successful"; success=true
-        else
-          echo -e "${OVER}  ${CROSS} ${str} Not found / empty list"
-        fi;;
+      if [[ -s "${patternBuffer}" ]]; then
+        echo -e "${OVER}  ${TICK} ${str} Retrieval successful"; success=true
+      else
+        echo -e "${OVER}  ${CROSS} ${str} Not found / empty list"
+      fi;;
     # Did we "download" a remote file?
     *)
       # Determine "Status:" output based on HTTP response
@@ -686,7 +701,7 @@ gravity_DownloadBlocklistFromUrl() {
     else
       echo -e "  ${CROSS} List download failed: ${COL_LIGHT_RED}no cached list available${COL_NC}"
       # Manually reset these two numbers because we do not call parseList here
-      num_lines=0
+      num_source_lines=0
       num_invalid=0
       database_adlist_number "${adlistID}"
       database_adlist_status "${adlistID}" "4"
@@ -845,6 +860,49 @@ gravity_Cleanup() {
   fi
 }
 
+database_recovery() {
+  local result
+  local str="Checking integrity of existing gravity database"
+  local option="${1}"
+  echo -ne "  ${INFO} ${str}..."
+  if result="$(pihole-FTL sqlite3 "${gravityDBfile}" "PRAGMA integrity_check" 2>&1)"; then
+    echo -e "${OVER}  ${TICK} ${str} - no errors found"
+
+    str="Checking foreign keys of existing gravity database"
+    echo -ne "  ${INFO} ${str}..."
+    if result="$(pihole-FTL sqlite3 "${gravityDBfile}" "PRAGMA foreign_key_check" 2>&1)"; then
+      echo -e "${OVER}  ${TICK} ${str} - no errors found"
+      if [[ "${option}" != "force" ]]; then
+        return
+      fi
+    else
+      echo -e "${OVER}  ${CROSS} ${str} - errors found:"
+      while IFS= read -r line ; do echo "  - $line"; done <<< "$result"
+    fi
+  else
+    echo -e "${OVER}  ${CROSS} ${str} - errors found:"
+    while IFS= read -r line ; do echo "  - $line"; done <<< "$result"
+  fi
+
+  str="Trying to recover existing gravity database"
+  echo -ne "  ${INFO} ${str}..."
+  # We have to remove any possibly existing recovery database or this will fail
+  rm -f "${gravityDBfile}.recovered" > /dev/null 2>&1
+  if result="$(pihole-FTL sqlite3 "${gravityDBfile}" ".recover" | pihole-FTL sqlite3 "${gravityDBfile}.recovered" 2>&1)"; then
+    echo -e "${OVER}  ${TICK} ${str} - success"
+    mv "${gravityDBfile}" "${gravityDBfile}.old"
+    mv "${gravityDBfile}.recovered" "${gravityDBfile}"
+    echo -ne " ${INFO} ${gravityDBfile} has been recovered"
+    echo -ne " ${INFO} The old ${gravityDBfile} has been moved to ${gravityDBfile}.old"
+  else
+    echo -e "${OVER}  ${CROSS} ${str} - the following errors happened:"
+    while IFS= read -r line ; do echo "  - $line"; done <<< "$result"
+    echo -e "  ${CROSS} Recovery failed. Try \"pihole -r recreate\" instead."
+    exit 1
+  fi
+  echo ""
+}
+
 helpFunc() {
   echo "Usage: pihole -g
 Update domains from blocklists specified in adlists.list
@@ -855,10 +913,37 @@ Options:
   exit 0
 }
 
+repairSelector() {
+  case "$1" in
+    "recover") recover_database=true;;
+    "recreate") recreate_database=true;;
+    *) echo "Usage: pihole -g -r {recover,recreate}
+Attempt to repair gravity database
+
+Available options:
+  pihole -g -r recover        Try to recover a damaged gravity database file.
+                              Pi-hole tries to restore as much as possible
+                              from a corrupted gravity database.
+
+  pihole -g -r recover force  Pi-hole will run the recovery process even when
+                              no damage is detected. This option is meant to be
+                              a last resort. Recovery is a fragile task
+                              consuming a lot of resources and shouldn't be
+                              performed unnecessarily.
+
+  pihole -g -r recreate       Create a new gravity database file from scratch.
+                              This will remove your existing gravity database
+                              and create a new file from scratch. If you still
+                              have the migration backup created when migrating
+                              to Pi-hole v5.0, Pi-hole will import these files."
+    exit 0;;
+  esac
+}
+
 for var in "$@"; do
   case "${var}" in
     "-f" | "--force" ) forceDelete=true;;
-    "-r" | "--recreate" ) recreate_database=true;;
+    "-r" | "--repair" ) repairSelector "$3";;
     "-h" | "--help" ) helpFunc;;
   esac
 done
@@ -872,7 +957,7 @@ fi
 gravity_Trap
 
 if [[ "${recreate_database:-}" == true ]]; then
-  str="Restoring from migration backup"
+  str="Recreating gravity database from migration backup"
   echo -ne "${INFO} ${str}..."
   rm "${gravityDBfile}"
   pushd "${piholeDir}" > /dev/null || exit
@@ -881,8 +966,15 @@ if [[ "${recreate_database:-}" == true ]]; then
   echo -e "${OVER}  ${TICK} ${str}"
 fi
 
+if [[ "${recover_database:-}" == true ]]; then
+  database_recovery "$4"
+fi
+
 # Move possibly existing legacy files to the gravity database
-migrate_to_database
+if ! migrate_to_database; then
+  echo -e "   ${CROSS} Unable to migrate to database. Please contact support."
+  exit 1
+fi
 
 if [[ "${forceDelete:-}" == true ]]; then
   str="Deleting existing list cache"
@@ -893,14 +985,21 @@ if [[ "${forceDelete:-}" == true ]]; then
 fi
 
 # Gravity downloads blocklists next
-gravity_CheckDNSResolutionAvailable
+if ! gravity_CheckDNSResolutionAvailable; then
+  echo -e "   ${CROSS} Can not complete gravity update, no DNS is available. Please contact support."
+  exit 1
+fi
+
 gravity_DownloadBlocklists
 
 # Create local.list
 gravity_generateLocalList
 
 # Migrate rest of the data from old to new database
-gravity_swap_databases
+if ! gravity_swap_databases; then
+  echo -e "   ${CROSS} Unable to create database. Please contact support."
+  exit 1
+fi
 
 # Update gravity timestamp
 update_gravity_timestamp

pihole

@@ -71,8 +71,7 @@ reconfigurePiholeFunc() {
 }
 
 updateGravityFunc() {
-  "${PI_HOLE_SCRIPT_DIR}"/gravity.sh "$@"
-  exit $?
+  exec "${PI_HOLE_SCRIPT_DIR}"/gravity.sh "$@"
 }
 
 queryFunc() {
@@ -95,8 +94,7 @@ uninstallFunc() {
 
 versionFunc() {
   shift
-  "${PI_HOLE_SCRIPT_DIR}"/version.sh "$@"
-  exit 0
+  exec "${PI_HOLE_SCRIPT_DIR}"/version.sh "$@"
 }
 
 # Get PID of main pihole-FTL process
@@ -285,27 +283,28 @@ Options:
 }
 
 analyze_ports() {
+  local listening port=${1}
   # FTL is listening at least on at least one port when this
   # function is getting called
-  echo -e "  ${TICK} DNS service is listening"
   # Check individual address family/protocol combinations
   # For a healthy Pi-hole, they should all be up (nothing printed)
-  if grep -q "IPv4.*UDP" <<< "${1}"; then
+  listening="$(netstat --listening --numeric --tcp --udp | grep ":${port} ")"
+  if grep -q "udp " <<< "${listening}"; then
       echo -e "     ${TICK} UDP (IPv4)"
   else
       echo -e "     ${CROSS} UDP (IPv4)"
   fi
-  if grep -q "IPv4.*TCP" <<< "${1}"; then
+  if grep -q "tcp " <<< "${listening}"; then
       echo -e "     ${TICK} TCP (IPv4)"
   else
       echo -e "     ${CROSS} TCP (IPv4)"
   fi
-  if grep -q "IPv6.*UDP" <<< "${1}"; then
+  if grep -q "udp6 " <<< "${listening}"; then
       echo -e "     ${TICK} UDP (IPv6)"
   else
       echo -e "     ${CROSS} UDP (IPv6)"
   fi
-  if grep -q "IPv6.*TCP" <<< "${1}"; then
+  if grep -q "tcp6 " <<< "${listening}"; then
       echo -e "     ${TICK} TCP (IPv6)"
   else
       echo -e "     ${CROSS} TCP (IPv6)"
@@ -314,19 +313,31 @@ analyze_ports() {
 }
 
 statusFunc() {
-  # Determine if there is a pihole service is listening on port 53
-  local listening
-  listening="$(lsof -Pni:53)"
-  if grep -q "pihole" <<< "${listening}"; then
-    if [[ "${1}" != "web" ]]; then
-      analyze_ports "${listening}"
-    fi
-  else
+  # Determine if there is pihole-FTL service is listening
+  local listening pid port
+
+  pid="$(getFTLPID)"
+  if [[ "$pid" -eq "-1" ]]; then
     case "${1}" in
       "web") echo "-1";;
-      *) echo -e "  ${CROSS} DNS service is NOT listening";;
+      *) echo -e "  ${CROSS} DNS service is NOT running";;
     esac
     return 0
+  else
+    #get the port pihole-FTL is listening on by using FTL's telnet API
+    port="$(echo ">dns-port >quit" | nc 127.0.0.1 4711)"
+    if [[ "${port}" == "0" ]]; then
+      case "${1}" in
+        "web") echo "-1";;
+        *) echo -e "  ${CROSS} DNS service is NOT listening";;
+      esac
+      return 0
+    else
+      if [[ "${1}" != "web" ]]; then
+        echo -e "  ${TICK} FTL is listening on port ${port}"
+        analyze_ports "${port}"
+      fi
+    fi
   fi
 
   # Determine if Pi-hole's blocking is enabled
@@ -339,18 +350,19 @@ statusFunc() {
   elif grep -q "BLOCKING_ENABLED=true" /etc/pihole/setupVars.conf;  then
     # Configs are set
     case "${1}" in
-      "web") echo 1;;
+      "web") echo "$port";;
       *) echo -e "  ${TICK} Pi-hole blocking is enabled";;
     esac
   else
     # No configs were found
     case "${1}" in
-      "web") echo 99;;
+      "web") echo -2;;
       *) echo -e "  ${INFO} Pi-hole blocking will be enabled";;
     esac
     # Enable blocking
     "${PI_HOLE_BIN_DIR}"/pihole enable
   fi
+
 }
 
 tailFunc() {

test/test_automated_install.py

@@ -1085,9 +1085,9 @@ def test_os_check_fails(host):
     install_dependent_packages ${OS_CHECK_DEPS[@]}
     install_dependent_packages ${INSTALLER_DEPS[@]}
     cat <<EOT > /etc/os-release
-    ID=UnsupportedOS
-    VERSION_ID="2"
-    EOT
+ID=UnsupportedOS
+VERSION_ID="2"
+EOT
     ''')
     detectOS = host.run('''t
     source /opt/pihole/basic-install.sh