Do not exit 1 if pkill killed Pi-hole. Killing is not an error

Signed-off-by: Christian König <ckoenig@posteo.de>
Do not create pid and port file during service startup. The files are created by FTL itself
2022-04-14 23:25:32 +02:00 · 2022-04-14 19:47:37 +02:00 · 2022-04-13 21:45:11 +02:00 · 2022-04-13 21:31:29 +02:00 · 2022-04-04 21:51:32 +02:00 · 2022-04-04 10:06:52 +02:00
91 changed files with 4270 additions and 2734 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,10 @@
 version: 2
 updates:
 - package-ecosystem: github-actions
  directory: "/"
  schedule:
    interval: weekly
    day: saturday
    time: "10:00"
  open-pull-requests-limit: 10
  target-branch: developement
--- a/.github/release.yml
+++ b/.github/release.yml
@@ -0,0 +1,7 @@
 changelog:
  exclude:
    labels:
      - internal
    authors:
      - dependabot
      - github-actions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,40 @@
 name: "CodeQL"
 on:
  push:
    branches:
      - master
      - development
  pull_request:
    branches:
      - master
      - development
  schedule:
    - cron: '32 11 * * 6'
 jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
    -
      name: Checkout repository
      uses: actions/checkout@v2
    # Initializes the CodeQL tools for scanning.
    -
      name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: 'python'
    -
      name: Autobuild
      uses: github/codeql-action/autobuild@v1
    -
      name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v1
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,25 @@
 name: Mark stale issues
 on:
  schedule:
  - cron: '0 * * * *'
  workflow_dispatch:
 jobs:
  stale:
    runs-on: ubuntu-latest
    permissions:
      issues: write
    steps:
    - uses: actions/stale@v4
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}
        days-before-stale: 30
        days-before-close: 5
        stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.'
        stale-issue-label: 'stale'
        exempt-issue-labels: 'Internal, Fixed in next release, Bug: Confirmed, Documentation Needed'
        exempt-all-issue-assignees: true
        operations-per-run: 300
--- a/.github/workflows/sync-back-to-dev.yml
+++ b/.github/workflows/sync-back-to-dev.yml
@@ -0,0 +1,27 @@
 name: Sync Back to Development
 on:
  push:
    branches:
      - master
 jobs:
  sync-branches:
    runs-on: ubuntu-latest
    name: Syncing branches
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Opening pull request
        id: pull
        uses: tretuna/sync-branches@1.4.0
        with:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          FROM_BRANCH: 'master'
          TO_BRANCH: 'development'
      - name: Label the pull request to ignore for release note generation
        uses: actions-ecosystem/action-add-labels@v1
        with:
          labels: internal
          repo: ${{ github.repository }}
          number: ${{ steps.pull.outputs.PULL_REQUEST_NUMBER }}
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -0,0 +1,48 @@
 name: Test Supported Distributions
 on:
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]
 jobs:
  smoke-test:
    if: github.event.pull_request.draft == false
    runs-on: ubuntu-latest
    steps:
    -
      name: Checkout repository
      uses: actions/checkout@v2
    -
      name: Run Smoke Tests
      run: |
        # Ensure scripts in repository are executable
        IFS=$'\n';
        for f in $(find . -name '*.sh'); do if [[ ! -x $f ]]; then echo "$f is not executable" && FAIL=1; fi ;done
        unset IFS;
        # If FAIL is 1 then we fail.
        [[ $FAIL == 1 ]] && exit 1 || echo "Smoke Tests Passed"
  distro-test:
    if: github.event.pull_request.draft == false
    runs-on: ubuntu-latest
    needs: smoke-test
    strategy:
      matrix:
        distro: [debian_9, debian_10, debian_11, ubuntu_16, ubuntu_18, ubuntu_20, ubuntu_21, centos_7, centos_8, fedora_33, fedora_34]
    env:
      DISTRO: ${{matrix.distro}}
    steps:
    -
      name: Checkout repository
      uses: actions/checkout@v2
    -
      name: Set up Python 3.8
      uses: actions/setup-python@v3
      with:
        python-version: 3.8
    -
      name: Install dependencies
      run: pip install -r test/requirements.txt
    -
      name: Test with tox
      run: tox -c test/tox.${DISTRO}.ini
--- a/.gitignore
+++ b/.gitignore
@@ -7,70 +7,6 @@ __pycache__
 .tox
 .eggs
 *.egg-info
-
+.idea/
 # Created by https://www.gitignore.io/api/jetbrains+iml
 ### JetBrains+iml ###
 # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
 # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
 # All idea files, with exceptions
 .idea
 !.idea/codeStyles/*
 !.idea/codeStyleSettings.xml
 # Sensitive or high-churn files:
 .idea/**/dataSources/
 .idea/**/dataSources.ids
 .idea/**/dataSources.xml
 .idea/**/dataSources.local.xml
 .idea/**/sqlDataSources.xml
 .idea/**/dynamic.xml
 .idea/**/uiDesigner.xml
 # Gradle:
 .idea/**/gradle.xml
 .idea/**/libraries
 # CMake
 cmake-build-debug/
 # Mongo Explorer plugin:
 .idea/**/mongoSettings.xml
 ## File-based project format:
 *.iws
 ## Plugin-specific files:
 # IntelliJ
 /out/
 # mpeltonen/sbt-idea plugin
 .idea_modules/
 # JIRA plugin
 atlassian-ide-plugin.xml
 # Cursive Clojure plugin
 .idea/replstate.xml
 # Ruby plugin and RubyMine
 /.rakeTasks
 # Crashlytics plugin (for Android Studio and IntelliJ)
 com_crashlytics_export_strings.xml
 crashlytics.properties
 crashlytics-build.properties
 fabric.properties
 ### JetBrains+iml Patch ###
 # Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-249601023
 *.iml
-.idea/misc.xml
+.vscode/
 *.ipr
 # End of https://www.gitignore.io/api/jetbrains+iml
--- a/.idea/codeStyleSettings.xml
+++ b/.idea/codeStyleSettings.xml
@@ -1,25 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
    <component name="ProjectCodeStyleSettingsManager">
        <option name="PER_PROJECT_SETTINGS">
            <value>
                <option name="OTHER_INDENT_OPTIONS">
                    <value>
                        <option name="INDENT_SIZE" value="2" />
                        <option name="CONTINUATION_INDENT_SIZE" value="8" />
                        <option name="TAB_SIZE" value="2" />
                        <option name="USE_TAB_CHARACTER" value="false" />
                        <option name="SMART_TABS" value="false" />
                        <option name="LABEL_INDENT_SIZE" value="0" />
                        <option name="LABEL_INDENT_ABSOLUTE" value="false" />
                        <option name="USE_RELATIVE_INDENTS" value="false" />
                    </value>
                </option>
                <MarkdownNavigatorCodeStyleSettings>
                    <option name="RIGHT_MARGIN" value="72" />
                </MarkdownNavigatorCodeStyleSettings>
            </value>
        </option>
        <option name="USE_PER_PROJECT_SETTINGS" value="true" />
    </component>
 </project>
--- a/.idea/codeStyles/Project.xml
+++ b/.idea/codeStyles/Project.xml
@@ -1,7 +0,0 @@
 <component name="ProjectCodeStyleConfiguration">
  <code_scheme name="Project" version="173">
    <MarkdownNavigatorCodeStyleSettings>
      <option name="RIGHT_MARGIN" value="72" />
    </MarkdownNavigatorCodeStyleSettings>
  </code_scheme>
 </component>
--- a/.idea/codeStyles/codeStyleConfig.xml
+++ b/.idea/codeStyles/codeStyleConfig.xml
@@ -1,5 +0,0 @@
 <component name="ProjectCodeStyleConfiguration">
  <state>
    <option name="USE_PER_PROJECT_SETTINGS" value="true" />
  </state>
 </component>
--- a/.stickler.yml
+++ b/.stickler.yml
@@ -3,3 +3,4 @@ linters:
    shell: bash
  phpcs:
  flake8:
    max-line-length: 120
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,5 +0,0 @@
 import:
  - source: pi-hole/.github:/build-configs/core.yml@main
    if: branch = master
  - source: pi-hole/.github:/build-configs/core.yml@latest
    if: branch != master
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -2,37 +2,6 @@
 Please read and understand the contribution guide before creating an issue or pull request.
-## Etiquette
+The guide can be found here: [https://docs.pi-hole.net/guides/github/contributing/](https://docs.pi-hole.net/guides/github/contributing/)
 - Our goal for Pi-hole is **stability before features**.  This means we focus on squashing critical bugs before adding new features.  Often, we can do both in tandem, but bugs will take priority over a new feature.
 - Pi-hole is open source and [powered by donations](https://pi-hole.net/donate/), and as such, we give our **free time** to build, maintain, and **provide user support** for this project.  It would be extremely unfair for us to suffer abuse or anger for our hard work, so please take a moment to consider that.
 - Please be considerate towards the developers and other users when raising issues or presenting pull requests.
 - Respect our decision(s), and do not be upset or abusive if your submission is not used.
 ## Viability
 When requesting or submitting new features, first consider whether it might be useful to others. Open source projects are used by many people, who may have entirely different needs to your own. Think about whether or not your feature is likely to be used by other users of the project.
 ## Procedure
 **Before filing an issue:**
 - Attempt to replicate and **document** the problem, to ensure that it wasn't a coincidental incident.
 - Check to make sure your feature suggestion isn't already present within the project.
 - Check the pull requests tab to ensure that the bug doesn't have a fix in progress.
 - Check the pull requests tab to ensure that the feature isn't already in progress.
 **Before submitting a pull request:**
 - Check the codebase to ensure that your feature doesn't already exist.
 - Check the pull requests to ensure that another person hasn't already submitted the feature or fix.
 - Read and understand the [DCO guidelines](https://github.com/pi-hole/pi-hole/wiki/Contributing-to-the-project) for the project.
 ## Technical Requirements
 - Submit Pull Requests to the **development branch only**.
 - Before Submitting your Pull Request, merge `development` with your new branch and fix any conflicts. (Make sure you don't break anything in development!)
 - Please use the [Google Style Guide for Shell](https://google.github.io/styleguide/shell.xml) for your code submission styles.
 - Commit Unix line endings.
 - Please use the Pi-hole brand: **Pi-hole** (Take a special look at the capitalized 'P' and a low 'h' with a hyphen)
 - (Optional fun) keep to the theme of Star Trek/black holes/gravity.
--- a/README.md
+++ b/README.md
@@ -1,5 +1,7 @@
 <!-- markdownlint-configure-file { "MD004": { "style": "consistent" } } -->
 <!-- markdownlint-disable MD033 -->
 #
 <p align="center">
    <a href="https://pi-hole.net/">
        <img src="https://pi-hole.github.io/graphics/Vortex/Vortex_with_Wordmark.svg" width="150" height="260" alt="Pi-hole">
@@ -9,11 +11,9 @@
 </p>
 <!-- markdownlint-enable MD033 -->
-#
+The Pi-hole® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) that protects your devices from unwanted content without installing any client-side software.
-The Pi-hole® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) that protects your devices from unwanted content, without installing any client-side software.
+- **Easy-to-install**: our versatile installer walks you through the process and takes less than ten minutes
 - **Easy-to-install**: our versatile installer walks you through the process, and takes less than ten minutes
 - **Resolute**: content is blocked in _non-browser locations_, such as ad-laden mobile apps and smart TVs
 - **Responsive**: seamlessly speeds up the feel of everyday browsing by caching DNS queries
 - **Lightweight**: runs smoothly with [minimal hardware and software requirements](https://docs.pi-hole.net/main/prerequisites/)
@@ -22,12 +22,10 @@ The Pi-hole® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) th
 - **Versatile**: can optionally function as a [DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026), ensuring *all* your devices are protected automatically
 - **Scalable**: [capable of handling hundreds of millions of queries](https://pi-hole.net/2017/05/24/how-much-traffic-can-pi-hole-handle/) when installed on server-grade hardware
 - **Modern**: blocks ads over both IPv4 and IPv6
- **Free**: open source software which helps ensure _you_ are the sole person in control of your privacy
+- **Free**: open source software that helps ensure _you_ are the sole person in control of your privacy
 -----
 Master [![Build Status](https://travis-ci.com/pi-hole/pi-hole.svg?branch=master)](https://travis-ci.com/pi-hole/pi-hole) Development [![Build Status](https://travis-ci.com/pi-hole/pi-hole.svg?branch=development)](https://travis-ci.com/pi-hole/pi-hole)
 ## One-Step Automated Install
 Those who want to get started quickly and conveniently may install Pi-hole using the following command:
@@ -52,42 +50,46 @@ sudo bash basic-install.sh
 wget -O basic-install.sh https://install.pi-hole.net
 sudo bash basic-install.sh
 ```
 ### Method 3: Using Docker to deploy Pi-hole
 Please refer to the [Pi-hole docker repo](https://github.com/pi-hole/docker-pi-hole) to use the Official Docker Images.
 ## [Post-install: Make your network take advantage of Pi-hole](https://docs.pi-hole.net/main/post-install/)
 Once the installer has been run, you will need to [configure your router to have **DHCP clients use Pi-hole as their DNS server**](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245) which ensures that all devices connecting to your network will have content blocked without any further intervention.
-If your router does not support setting the DNS server, you can [use Pi-hole's built-in DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026); just be sure to disable DHCP on your router first (if it has that feature available).
+If your router does not support setting the DNS server, you can [use Pi-hole's built-in DHCP server](https://discourse.pi-hole.net/t/how-do-i-use-pi-holes-built-in-dhcp-server-and-why-would-i-want-to/3026); be sure to disable DHCP on your router first (if it has that feature available).
-As a last resort, you can always manually set each device to use Pi-hole as their DNS server.
+As a last resort, you can manually set each device to use Pi-hole as their DNS server.
 -----
-## Pi-hole is free, but powered by your support
+## Pi-hole is free but powered by your support
-There are many reoccurring costs involved with maintaining free, open source, and privacy-respecting software; expenses which [our volunteer developers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software, as well as the importance of keeping it maintained.
+There are many reoccurring costs involved with maintaining free, open source, and privacy-respecting software; expenses which [our volunteer developers](https://github.com/orgs/pi-hole/people) pitch in to cover out-of-pocket. This is just one example of how strongly we feel about our software and the importance of keeping it maintained.
 Make no mistake: **your support is absolutely vital to help keep us innovating!**
 ### [Donations](https://pi-hole.net/donate)
-Sending a donation using our Sponsor Button is **extremely helpful** in offsetting a portion of our monthly expenses:
+Donating using our Sponsor Button is **extremely helpful** in offsetting a portion of our monthly expenses:
 ### Alternative support
 If you'd rather not donate (_which is okay!_), there are other ways you can help support us:
- [Patreon](https://patreon.com/pihole) _Become a patron for rewards_
+- [GitHub Sponsors](https://github.com/sponsors/pi-hole/)
 - [Patreon](https://patreon.com/pihole)
 - [Hetzner Cloud](https://hetzner.cloud/?ref=7aceisRX3AzA) _affiliate link_
 - [Digital Ocean](https://www.digitalocean.com/?refcode=344d234950e1) _affiliate link_
 - [Stickermule](https://www.stickermule.com/unlock?ref_id=9127301701&utm_medium=link&utm_source=invite) _earn a $10 credit after your first purchase_
- [Amazon](http://www.amazon.com/exec/obidos/redirect-home/pihole09-20) _affiliate link_
+- [Amazon US](http://www.amazon.com/exec/obidos/redirect-home/pihole09-20) _affiliate link_
- Spreading the word about our software, and how you have benefited from it
+- Spreading the word about our software and how you have benefited from it
 ### Contributing via GitHub
 We welcome _everyone_ to contribute to issue reports, suggest new features, and create pull requests.
-If you have something to add - anything from a typo through to a whole new feature, we're happy to check it out! Just make sure to fill out our template when submitting your request; the questions that it asks will help the volunteers quickly understand what you're aiming to achieve.
+If you have something to add - anything from a typo through to a whole new feature, we're happy to check it out! Just make sure to fill out our template when submitting your request; the questions it asks will help the volunteers quickly understand what you're aiming to achieve.
 You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/master/automated%20install/basic-install.sh) and the [debug script](https://github.com/pi-hole/pi-hole/blob/master/advanced/Scripts/piholeDebug.sh) have an abundance of comments, which will help you better understand how Pi-hole works. They're also a valuable resource to those who want to learn how to write scripts or code a program! We encourage anyone who likes to tinker to read through it and submit a pull request for us to review.
@@ -95,7 +97,9 @@ You'll find that the [install script](https://github.com/pi-hole/pi-hole/blob/ma
 ## Getting in touch with us
-While we are primarily reachable on our [Discourse User Forum](https://discourse.pi-hole.net/), we can also be found on a variety of social media outlets. **Please be sure to check the FAQ's** before starting a new discussion, as we do not have the spare time to reply to every request for assistance.
+While we are primarily reachable on our [Discourse User Forum](https://discourse.pi-hole.net/), we can also be found on various social media outlets.
 **Please be sure to check the FAQs** before starting a new discussion, as we do not have the spare time to reply to every request for assistance.
 - [Frequently Asked Questions](https://discourse.pi-hole.net/c/faqs)
 - [Feature Requests](https://discourse.pi-hole.net/c/feature-requests?order=votes)
@@ -106,15 +110,30 @@ While we are primarily reachable on our [Discourse User Forum](https://discourse
 ## Breakdown of Features
 ### [Faster-than-light Engine](https://github.com/pi-hole/ftl)
 [FTLDNS](https://github.com/pi-hole/ftl) is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*!
 Some of the statistics you can integrate include:
 - Total number of domains being blocked
 - Total number of DNS queries today
 - Total number of ads blocked today
 - Percentage of ads blocked
 - Unique domains
 - Queries forwarded (to your chosen upstream DNS server)
 - Queries cached
 - Unique clients
 Access the API via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). You can find out [more details over here](https://discourse.pi-hole.net/t/pi-hole-api/1863).
 ### The Command Line Interface
-The [pihole](https://docs.pi-hole.net/core/pihole-command/) command has all the functionality necessary to be able to fully administer the Pi-hole, without the need of the Web Interface. It's fast, user-friendly, and auditable by anyone with an understanding of `bash`.
+The [pihole](https://docs.pi-hole.net/core/pihole-command/) command has all the functionality necessary to fully administer the Pi-hole, without the need of the Web Interface. It's fast, user-friendly, and auditable by anyone with an understanding of `bash`.
 ![Pi-hole Blacklist Demo](https://pi-hole.github.io/graphics/Screenshots/blacklist-cli.gif)
 Some notable features include:
- [Whitelisting, Blacklisting and Regex](https://docs.pi-hole.net/core/pihole-command/#whitelisting-blacklisting-and-regex)
+- [Whitelisting, Blacklisting, and Regex](https://docs.pi-hole.net/core/pihole-command/#whitelisting-blacklisting-and-regex)
 - [Debugging utility](https://docs.pi-hole.net/core/pihole-command/#debugger)
 - [Viewing the live log file](https://docs.pi-hole.net/core/pihole-command/#tail)
 - [Updating Ad Lists](https://docs.pi-hole.net/core/pihole-command/#gravity)
@@ -128,11 +147,9 @@ You can read our [Core Feature Breakdown](https://docs.pi-hole.net/core/pihole-c
 This [optional dashboard](https://github.com/pi-hole/AdminLTE) allows you to view stats, change settings, and configure your Pi-hole. It's the power of the Command Line Interface, with none of the learning curve!
 ![Pi-hole Dashboard](https://pi-hole.github.io/graphics/Screenshots/pihole-dashboard.png)
 Some notable features include:
- Mobile friendly interface
+- Mobile-friendly interface
 - Password protection
 - Detailed graphs and doughnut charts
 - Top lists of domains and clients
@@ -144,22 +161,4 @@ Some notable features include:
 There are several ways to [access the dashboard](https://discourse.pi-hole.net/t/how-do-i-access-pi-holes-dashboard-admin-interface/3168):
 1. `http://pi.hole/admin/` (when using Pi-hole as your DNS server)
-2. `http://<IP_ADDPRESS_OF_YOUR_PI_HOLE>/admin/`
+2. `http://<IP_ADDRESS_OF_YOUR_PI_HOLE>/admin/`
 3. `http://pi.hole/` (when using Pi-hole as your DNS server)
 ## Faster-than-light Engine
 FTLDNS is a lightweight, purpose-built daemon used to provide statistics needed for the Web Interface, and its API can be easily integrated into your own projects. As the name implies, FTLDNS does this all *very quickly*!
 Some of the statistics you can integrate include:
 - Total number of domains being blocked
 - Total number of DNS queries today
 - Total number of ads blocked today
 - Percentage of ads blocked
 - Unique domains
 - Queries forwarded (to your chosen upstream DNS server)
 - Queries cached
 - Unique clients
 The API can be accessed via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). You can find out [more details over here](https://discourse.pi-hole.net/t/pi-hole-api/1863).
--- a/advanced/01-pihole.conf
+++ b/advanced/01-pihole.conf
@@ -34,11 +34,9 @@ server=@DNS2@
 interface=@INT@
-cache-size=10000
+cache-size=@CACHE_SIZE@
 log-queries
 log-facility=/var/log/pihole.log
 local-ttl=2
 log-async
--- a/advanced/06-rfc6761.conf
+++ b/advanced/06-rfc6761.conf
@@ -0,0 +1,42 @@
 # Pi-hole: A black hole for Internet advertisements
 # (c) 2021 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
 #
 # RFC 6761 config file for Pi-hole
 #
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 ###############################################################################
 #      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
 # ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
 #                                                                             #
 #             CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE                #
 #                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
 ###############################################################################
 # RFC 6761: Caching DNS servers SHOULD recognize
 #     test, localhost, invalid
 # names as special and SHOULD NOT attempt to look up NS records for them, or
 # otherwise query authoritative DNS servers in an attempt to resolve these
 # names.
 server=/test/
 server=/localhost/
 server=/invalid/
 # The same RFC requests something similar for
 #     10.in-addr.arpa.      21.172.in-addr.arpa.  27.172.in-addr.arpa.
 #     16.172.in-addr.arpa.  22.172.in-addr.arpa.  28.172.in-addr.arpa.
 #     17.172.in-addr.arpa.  23.172.in-addr.arpa.  29.172.in-addr.arpa.
 #     18.172.in-addr.arpa.  24.172.in-addr.arpa.  30.172.in-addr.arpa.
 #     19.172.in-addr.arpa.  25.172.in-addr.arpa.  31.172.in-addr.arpa.
 #     20.172.in-addr.arpa.  26.172.in-addr.arpa.  168.192.in-addr.arpa.
 # Pi-hole implements this via the dnsmasq option "bogus-priv" (see
 # 01-pihole.conf) because this also covers IPv6.
 # OpenWRT furthermore blocks    bind, local, onion    domains
 # see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD
 # and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
 # We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972
 server=/bind/
 server=/onion/
--- a/advanced/Scripts/COL_TABLE
+++ b/advanced/Scripts/COL_TABLE
@@ -1,5 +1,5 @@
 # Determine if terminal is capable of showing colors
-if [[ -t 1 ]] && [[ $(tput colors) -ge 8 ]]; then
+if ([[ -t 1 ]] && [[ $(tput colors) -ge 8 ]]) || [[ "${WEBCALL}" ]]; then
  # Bold and underline may not show up on all clients
  # If something MUST be emphasized, use both
  COL_BOLD='[1m'
--- a/advanced/Scripts/chronometer.sh
+++ b/advanced/Scripts/chronometer.sh
@@ -13,6 +13,7 @@ LC_NUMERIC=C
 # Retrieve stats from FTL engine
 pihole-FTL() {
    local ftl_port LINE
    ftl_port=$(cat /run/pihole-FTL.port 2> /dev/null)
    if [[ -n "$ftl_port" ]]; then
        # Open connection to FTL
@@ -20,12 +21,13 @@ pihole-FTL() {
        # Test if connection is open
        if { "true" >&3; } 2> /dev/null; then
-            # Send command to FTL
+            # Send command to FTL and ask to quit when finished
-            echo -e ">$1" >&3
+            echo -e ">$1 >quit" >&3
-            # Read input
+            # Read input until we received an empty string and the connection is
            # closed
            read -r -t 1 LINE <&3
-            until [[ ! $? ]] || [[ "$LINE" == *"EOM"* ]]; do
+            until [[ -z "${LINE}" ]] && [[ ! -t 3 ]]; do
                echo "$LINE" >&1
                read -r -t 1 LINE <&3
            done
@@ -228,8 +230,14 @@ get_sys_stats() {
        mapfile -t ph_ver_raw < <(pihole -v -c 2> /dev/null | sed -n 's/^.* v/v/p')
        if [[ -n "${ph_ver_raw[0]}" ]]; then
            ph_core_ver="${ph_ver_raw[0]}"
            if [[ ${#ph_ver_raw[@]} -eq 2 ]]; then
                # AdminLTE not installed
                ph_lte_ver="(not installed)"
                ph_ftl_ver="${ph_ver_raw[1]}"
            else
                ph_lte_ver="${ph_ver_raw[1]}"
                ph_ftl_ver="${ph_ver_raw[2]}"
            fi
        else
            ph_core_ver="-1"
        fi
@@ -349,7 +357,7 @@ get_sys_stats() {
    ram_used="${ram_raw[1]}"
    ram_total="${ram_raw[2]}"
-    if [[ "$(pihole status web 2> /dev/null)" == "1" ]]; then
+    if [[ "$(pihole status web 2> /dev/null)" -ge "1" ]]; then
        ph_status="${COL_LIGHT_GREEN}Active"
    else
        ph_status="${COL_LIGHT_RED}Offline"
@@ -490,10 +498,6 @@ chronoFunc() {
        printFunc " RAM usage: " "$ram_perc%" "$ram_info"
        printFunc " HDD usage: " "$disk_perc" "$disk_info"
        if [[ "$scr_lines" -gt 17 ]] && [[ "$chrono_width" != "small" ]]; then
            printFunc "  LAN addr: " "${IPV4_ADDRESS/\/*/}" "$lan_info"
        fi
        if [[ "$DHCP_ACTIVE" == "true" ]]; then
            printFunc "DHCP usage: " "$ph_dhcp_percent%" "$dhcp_info"
        fi
@@ -551,7 +555,7 @@ Calculates stats and displays to an LCD
 Options:
  -j, --json          Output stats as JSON formatted string
  -r, --refresh       Set update frequency (in seconds)
-  -e, --exit          Output stats and exit witout refreshing
+  -e, --exit          Output stats and exit without refreshing
  -h, --help          Display this help text"
  fi
--- a/advanced/Scripts/database_migration/gravity-db.sh
+++ b/advanced/Scripts/database_migration/gravity-db.sh
@@ -19,13 +19,13 @@ upgrade_gravityDB(){
 	auditFile="${piholeDir}/auditlog.list"
 	# Get database version
-	version="$(sqlite3 "${database}" "SELECT \"value\" FROM \"info\" WHERE \"property\" = 'version';")"
+	version="$(pihole-FTL sqlite3 "${database}" "SELECT \"value\" FROM \"info\" WHERE \"property\" = 'version';")"
 	if [[ "$version" == "1" ]]; then
 		# This migration script upgrades the gravity.db file by
 		# adding the domain_audit table
 		echo -e "  ${INFO} Upgrading gravity database from version 1 to 2"
-		sqlite3 "${database}" < "${scriptPath}/1_to_2.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/1_to_2.sql"
 		version=2
 		# Store audit domains in database table
@@ -40,28 +40,28 @@ upgrade_gravityDB(){
 		# renaming the regex table to regex_blacklist, and
 		# creating a new regex_whitelist table + corresponding linking table and views
 		echo -e "  ${INFO} Upgrading gravity database from version 2 to 3"
-		sqlite3 "${database}" < "${scriptPath}/2_to_3.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/2_to_3.sql"
 		version=3
 	fi
 	if [[ "$version" == "3" ]]; then
 		# This migration script unifies the formally separated domain
 		# lists into a single table with a UNIQUE domain constraint
 		echo -e "  ${INFO} Upgrading gravity database from version 3 to 4"
-		sqlite3 "${database}" < "${scriptPath}/3_to_4.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/3_to_4.sql"
 		version=4
 	fi
 	if [[ "$version" == "4" ]]; then
 		# This migration script upgrades the gravity and list views
 		# implementing necessary changes for per-client blocking
 		echo -e "  ${INFO} Upgrading gravity database from version 4 to 5"
-		sqlite3 "${database}" < "${scriptPath}/4_to_5.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/4_to_5.sql"
 		version=5
 	fi
 	if [[ "$version" == "5" ]]; then
 		# This migration script upgrades the adlist view
 		# to return an ID used in gravity.sh
 		echo -e "  ${INFO} Upgrading gravity database from version 5 to 6"
-		sqlite3 "${database}" < "${scriptPath}/5_to_6.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/5_to_6.sql"
 		version=6
 	fi
 	if [[ "$version" == "6" ]]; then
@@ -69,7 +69,7 @@ upgrade_gravityDB(){
 		# which is automatically associated to all clients not
 		# having their own group assignments
 		echo -e "  ${INFO} Upgrading gravity database from version 6 to 7"
-		sqlite3 "${database}" < "${scriptPath}/6_to_7.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/6_to_7.sql"
 		version=7
 	fi
 	if [[ "$version" == "7" ]]; then
@@ -77,21 +77,21 @@ upgrade_gravityDB(){
 		# to ensure uniqueness on the group name
 		# We also add date_added and date_modified columns
 		echo -e "  ${INFO} Upgrading gravity database from version 7 to 8"
-		sqlite3 "${database}" < "${scriptPath}/7_to_8.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/7_to_8.sql"
 		version=8
 	fi
 	if [[ "$version" == "8" ]]; then
 		# This migration fixes some issues that were introduced
 		# in the previous migration script.
 		echo -e "  ${INFO} Upgrading gravity database from version 8 to 9"
-		sqlite3 "${database}" < "${scriptPath}/8_to_9.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/8_to_9.sql"
 		version=9
 	fi
 	if [[ "$version" == "9" ]]; then
 		# This migration drops unused tables and creates triggers to remove
 		# obsolete groups assignments when the linked items are deleted
 		echo -e "  ${INFO} Upgrading gravity database from version 9 to 10"
-		sqlite3 "${database}" < "${scriptPath}/9_to_10.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/9_to_10.sql"
 		version=10
 	fi
 	if [[ "$version" == "10" ]]; then
@@ -101,13 +101,31 @@ upgrade_gravityDB(){
 		# to keep the copying process generic (needs the same columns in both the
 		# source and the destination databases).
 		echo -e "  ${INFO} Upgrading gravity database from version 10 to 11"
-		sqlite3 "${database}" < "${scriptPath}/10_to_11.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/10_to_11.sql"
 		version=11
 	fi
 	if [[ "$version" == "11" ]]; then
 		# Rename group 0 from "Unassociated" to "Default"
 		echo -e "  ${INFO} Upgrading gravity database from version 11 to 12"
-		sqlite3 "${database}" < "${scriptPath}/11_to_12.sql"
+		pihole-FTL sqlite3 "${database}" < "${scriptPath}/11_to_12.sql"
 		version=12
 	fi
 	if [[ "$version" == "12" ]]; then
 		# Add column date_updated to adlist table
 		echo -e "  ${INFO} Upgrading gravity database from version 12 to 13"
 		pihole-FTL sqlite3 "${database}" < "${scriptPath}/12_to_13.sql"
 		version=13
 	fi
 	if [[ "$version" == "13" ]]; then
 		# Add columns number and status to adlist table
 		echo -e "  ${INFO} Upgrading gravity database from version 13 to 14"
 		pihole-FTL sqlite3 "${database}" < "${scriptPath}/13_to_14.sql"
 		version=14
 	fi
 	if [[ "$version" == "14" ]]; then
 		# Changes the vw_adlist created in 5_to_6
 		echo -e "  ${INFO} Upgrading gravity database from version 14 to 15"
 		pihole-FTL sqlite3 "${database}" < "${scriptPath}/14_to_15.sql"
 		version=15
 	fi
 }
--- a/advanced/Scripts/database_migration/gravity/12_to_13.sql
+++ b/advanced/Scripts/database_migration/gravity/12_to_13.sql
@@ -0,0 +1,18 @@
 .timeout 30000
 PRAGMA FOREIGN_KEYS=OFF;
 BEGIN TRANSACTION;
 ALTER TABLE adlist ADD COLUMN date_updated INTEGER;
 DROP TRIGGER tr_adlist_update;
 CREATE TRIGGER tr_adlist_update AFTER UPDATE OF address,enabled,comment ON adlist
    BEGIN
      UPDATE adlist SET date_modified = (cast(strftime('%s', 'now') as int)) WHERE id = NEW.id;
    END;
 UPDATE info SET value = 13 WHERE property = 'version';
 COMMIT;
--- a/advanced/Scripts/database_migration/gravity/13_to_14.sql
+++ b/advanced/Scripts/database_migration/gravity/13_to_14.sql
@@ -0,0 +1,13 @@
 .timeout 30000
 PRAGMA FOREIGN_KEYS=OFF;
 BEGIN TRANSACTION;
 ALTER TABLE adlist ADD COLUMN number INTEGER NOT NULL DEFAULT 0;
 ALTER TABLE adlist ADD COLUMN invalid_domains INTEGER NOT NULL DEFAULT 0;
 ALTER TABLE adlist ADD COLUMN status INTEGER NOT NULL DEFAULT 0;
 UPDATE info SET value = 14 WHERE property = 'version';
 COMMIT;
--- a/advanced/Scripts/database_migration/gravity/14_to_15.sql
+++ b/advanced/Scripts/database_migration/gravity/14_to_15.sql
@@ -0,0 +1,15 @@
 .timeout 30000
 PRAGMA FOREIGN_KEYS=OFF;
 BEGIN TRANSACTION;
 DROP VIEW vw_adlist;
 CREATE VIEW vw_adlist AS SELECT DISTINCT address, id
    FROM adlist
    WHERE enabled = 1
    ORDER BY id;
 UPDATE info SET value = 15 WHERE property = 'version';
 COMMIT;
--- a/advanced/Scripts/list.sh
+++ b/advanced/Scripts/list.sh
@@ -1,4 +1,6 @@
 #!/usr/bin/env bash
 # shellcheck disable=SC1090
 # Pi-hole: A black hole for Internet advertisements
 # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
@@ -9,11 +11,19 @@
 # Please see LICENSE file for your rights under this license.
 # Globals
-basename=pihole
+piholeDir="/etc/pihole"
-piholeDir=/etc/"${basename}"
+GRAVITYDB="${piholeDir}/gravity.db"
-gravityDBfile="${piholeDir}/gravity.db"
+# Source pihole-FTL from install script
 pihole_FTL="${piholeDir}/pihole-FTL.conf"
 if [[ -f "${pihole_FTL}" ]]; then
    source "${pihole_FTL}"
 fi
-reload=false
+# Set this only after sourcing pihole-FTL.conf as the gravity database path may
 # have changed
 gravityDBfile="${GRAVITYDB}"
 noReloadRequested=false
 addmode=true
 verbose=true
 wildcard=false
@@ -25,6 +35,7 @@ typeId=""
 comment=""
 declare -i domaincount
 domaincount=0
 reload=false
 colfile="/opt/pihole/COL_TABLE"
 source ${colfile}
@@ -80,7 +91,8 @@ Options:
  -q, --quiet         Make output less verbose
  -h, --help          Show this help dialog
  -l, --list          Display all your ${listname}listed domains
-  --nuke              Removes all entries in a list"
+  --nuke              Removes all entries in a list
  --comment \"text\"    Add a comment to the domain. If adding multiple domains the same comment will be used for all"
  exit 0
 }
@@ -112,7 +124,7 @@ ProcessDomainList() {
    for dom in "${domList[@]}"; do
        # Format domain into regex filter if requested
        if [[ "${wildcard}" == true ]]; then
-            dom="(^|\\.)${dom//\./\\.}$"
+            dom="(\\.|^)${dom//\./\\.}$"
        fi
        # Logic: If addmode then add to desired list and remove from the other;
@@ -130,18 +142,18 @@ AddDomain() {
    domain="$1"
    # Is the domain in the list we want to add it to?
-    num="$(sqlite3 "${gravityDBfile}" "SELECT COUNT(*) FROM domainlist WHERE domain = '${domain}';")"
+    num="$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT COUNT(*) FROM domainlist WHERE domain = '${domain}';")"
    requestedListname="$(GetListnameFromTypeId "${typeId}")"
    if [[ "${num}" -ne 0 ]]; then
-      existingTypeId="$(sqlite3 "${gravityDBfile}" "SELECT type FROM domainlist WHERE domain = '${domain}';")"
+        existingTypeId="$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT type FROM domainlist WHERE domain = '${domain}';")"
        if [[ "${existingTypeId}" == "${typeId}" ]]; then
            if [[ "${verbose}" == true ]]; then
                echo -e "  ${INFO} ${1} already exists in ${requestedListname}, no need to add!"
            fi
        else
            existingListname="$(GetListnameFromTypeId "${existingTypeId}")"
-        sqlite3 "${gravityDBfile}" "UPDATE domainlist SET type = ${typeId} WHERE domain='${domain}';"
+            pihole-FTL sqlite3 "${gravityDBfile}" "UPDATE domainlist SET type = ${typeId} WHERE domain='${domain}';"
            if [[ "${verbose}" == true ]]; then
                echo -e "  ${INFO} ${1} already exists in ${existingListname}, it has been moved to ${requestedListname}!"
            fi
@@ -157,10 +169,10 @@ AddDomain() {
    # Insert only the domain here. The enabled and date_added fields will be filled
    # with their default values (enabled = true, date_added = current timestamp)
    if [[ -z "${comment}" ]]; then
-        sqlite3 "${gravityDBfile}" "INSERT INTO domainlist (domain,type) VALUES ('${domain}',${typeId});"
+        pihole-FTL sqlite3 "${gravityDBfile}" "INSERT INTO domainlist (domain,type) VALUES ('${domain}',${typeId});"
    else
        # also add comment when variable has been set through the "--comment" option
-        sqlite3 "${gravityDBfile}" "INSERT INTO domainlist (domain,type,comment) VALUES ('${domain}',${typeId},'${comment}');"
+        pihole-FTL sqlite3 "${gravityDBfile}" "INSERT INTO domainlist (domain,type,comment) VALUES ('${domain}',${typeId},'${comment}');"
    fi
 }
@@ -169,7 +181,7 @@ RemoveDomain() {
    domain="$1"
    # Is the domain in the list we want to remove it from?
-    num="$(sqlite3 "${gravityDBfile}" "SELECT COUNT(*) FROM domainlist WHERE domain = '${domain}' AND type = ${typeId};")"
+    num="$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT COUNT(*) FROM domainlist WHERE domain = '${domain}' AND type = ${typeId};")"
    requestedListname="$(GetListnameFromTypeId "${typeId}")"
@@ -186,14 +198,14 @@ RemoveDomain() {
    fi
    reload=true
    # Remove it from the current list
-    sqlite3 "${gravityDBfile}" "DELETE FROM domainlist WHERE domain = '${domain}' AND type = ${typeId};"
+    pihole-FTL sqlite3 "${gravityDBfile}" "DELETE FROM domainlist WHERE domain = '${domain}' AND type = ${typeId};"
 }
 Displaylist() {
    local count num_pipes domain enabled status nicedate requestedListname
    requestedListname="$(GetListnameFromTypeId "${typeId}")"
-    data="$(sqlite3 "${gravityDBfile}" "SELECT domain,enabled,date_modified FROM domainlist WHERE type = ${typeId};" 2> /dev/null)"
+    data="$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT domain,enabled,date_modified FROM domainlist WHERE type = ${typeId};" 2> /dev/null)"
    if [[ -z $data ]]; then
        echo -e "Not showing empty list"
@@ -231,7 +243,15 @@ Displaylist() {
 }
 NukeList() {
-    sqlite3 "${gravityDBfile}" "DELETE FROM domainlist WHERE type = ${typeId};"
+    count=$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT COUNT(1) FROM domainlist WHERE type = ${typeId};")
    listname="$(GetListnameFromTypeId "${typeId}")"
    if [ "$count" -gt 0 ];then
        pihole-FTL sqlite3 "${gravityDBfile}" "DELETE FROM domainlist WHERE type = ${typeId};"
        echo "  ${TICK} Removed ${count} domain(s) from the ${listname}"
    else
        echo "  ${INFO} ${listname} already empty. Nothing to do!"
    fi
    exit 0;
 }
 GetComment() {
@@ -250,7 +270,7 @@ while (( "$#" )); do
        "--white-wild" | "white-wild" ) typeId=2; wildcard=true;;
        "--wild" | "wildcard" ) typeId=3; wildcard=true;;
        "--regex" | "regex"   ) typeId=3;;
-        "-nr"| "--noreload"  ) reload=false;;
+        "-nr"| "--noreload"  ) noReloadRequested=true;;
        "-d" | "--delmode"   ) addmode=false;;
        "-q" | "--quiet"     ) verbose=false;;
        "-h" | "--help"      ) helpFunc;;
@@ -276,6 +296,6 @@ if $web; then
    echo "DONE"
 fi
-if [[ "${reload}" != false ]]; then
+if [[ ${reload} == true && ${noReloadRequested} == false ]]; then
    pihole restartdns reload-lists
 fi
--- a/advanced/Scripts/piholeARPTable.sh
+++ b/advanced/Scripts/piholeARPTable.sh
@@ -38,8 +38,8 @@ flushARP(){
    # Truncate network_addresses table in pihole-FTL.db
    # This needs to be done before we can truncate the network table due to
-    # foreign key contraints
+    # foreign key constraints
-    if ! output=$(sqlite3 "${DBFILE}" "DELETE FROM network_addresses" 2>&1); then
+    if ! output=$(pihole-FTL sqlite3 "${DBFILE}" "DELETE FROM network_addresses" 2>&1); then
        echo -e "${OVER}  ${CROSS} Failed to truncate network_addresses table"
        echo "  Database location: ${DBFILE}"
        echo "  Output: ${output}"
@@ -47,7 +47,7 @@ flushARP(){
    fi
    # Truncate network table in pihole-FTL.db
-    if ! output=$(sqlite3 "${DBFILE}" "DELETE FROM network" 2>&1); then
+    if ! output=$(pihole-FTL sqlite3 "${DBFILE}" "DELETE FROM network" 2>&1); then
        echo -e "${OVER}  ${CROSS} Failed to truncate network table"
        echo "  Database location: ${DBFILE}"
        echo "  Output: ${output}"
--- a/advanced/Scripts/piholeCheckout.sh
+++ b/advanced/Scripts/piholeCheckout.sh
@@ -166,12 +166,15 @@ checkout() {
        checkout_pull_branch "${webInterfaceDir}" "${2}"
    elif [[ "${1}" == "ftl" ]] ; then
        local path
        local oldbranch
        path="${2}/${binary}"
        oldbranch="$(pihole-FTL -b)"
        if check_download_exists "$path"; then
            echo "  ${TICK} Branch ${2} exists"
            echo "${2}" > /etc/pihole/ftlbranch
            chmod 644 /etc/pihole/ftlbranch
            echo -e "  ${INFO} Switching to branch: \"${2}\" from \"${oldbranch}\""
            FTLinstall "${binary}"
            restart_service pihole-FTL
            enable_service pihole-FTL
--- a/advanced/Scripts/piholeDebug.sh
+++ b/advanced/Scripts/piholeDebug.sh
@@ -48,6 +48,7 @@ FAQ_UPDATE_PI_HOLE="${COL_CYAN}https://discourse.pi-hole.net/t/how-do-i-update-p
 FAQ_CHECKOUT_COMMAND="${COL_CYAN}https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738#checkout${COL_NC}"
 FAQ_HARDWARE_REQUIREMENTS="${COL_CYAN}https://docs.pi-hole.net/main/prerequisites/${COL_NC}"
 FAQ_HARDWARE_REQUIREMENTS_PORTS="${COL_CYAN}https://docs.pi-hole.net/main/prerequisites/#ports${COL_NC}"
 FAQ_HARDWARE_REQUIREMENTS_FIREWALLD="${COL_CYAN}https://docs.pi-hole.net/main/prerequisites/#firewalld${COL_NC}"
 FAQ_GATEWAY="${COL_CYAN}https://discourse.pi-hole.net/t/why-is-a-default-gateway-important-for-pi-hole/3546${COL_NC}"
 FAQ_ULA="${COL_CYAN}https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127${COL_NC}"
 FAQ_FTL_COMPATIBILITY="${COL_CYAN}https://github.com/pi-hole/FTL#compatibility-list${COL_NC}"
@@ -55,11 +56,6 @@ FAQ_BAD_ADDRESS="${COL_CYAN}https://discourse.pi-hole.net/t/why-do-i-see-bad-add
 # Other URLs we may use
 FORUMS_URL="${COL_CYAN}https://discourse.pi-hole.net${COL_NC}"
 TRICORDER_CONTEST="${COL_CYAN}https://pi-hole.net/2016/11/07/crack-our-medical-tricorder-win-a-raspberry-pi-3/${COL_NC}"
 # Port numbers used for uploading the debug log
 TRICORDER_NC_PORT_NUMBER=9999
 TRICORDER_SSL_PORT_NUMBER=9998
 # Directories required by Pi-hole
 # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684
@@ -77,15 +73,12 @@ HTML_DIRECTORY="/var/www/html"
 WEB_GIT_DIRECTORY="${HTML_DIRECTORY}/admin"
 #BLOCK_PAGE_DIRECTORY="${HTML_DIRECTORY}/pihole"
 SHM_DIRECTORY="/dev/shm"
 ETC="/etc"
 # Files required by Pi-hole
 # https://discourse.pi-hole.net/t/what-files-does-pi-hole-use/1684
 PIHOLE_CRON_FILE="${CRON_D_DIRECTORY}/pihole"
 PIHOLE_DNS_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/01-pihole.conf"
 PIHOLE_DHCP_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/02-pihole-dhcp.conf"
 PIHOLE_WILDCARD_CONFIG_FILE="${DNSMASQ_D_DIRECTORY}/03-wildcard.conf"
 WEB_SERVER_CONFIG_FILE="${WEB_SERVER_CONFIG_DIRECTORY}/lighttpd.conf"
 WEB_SERVER_CUSTOM_CONFIG_FILE="${WEB_SERVER_CONFIG_DIRECTORY}/external.conf"
@@ -95,6 +88,7 @@ PIHOLE_LOCAL_HOSTS_FILE="${PIHOLE_DIRECTORY}/local.list"
 PIHOLE_LOGROTATE_FILE="${PIHOLE_DIRECTORY}/logrotate"
 PIHOLE_SETUP_VARS_FILE="${PIHOLE_DIRECTORY}/setupVars.conf"
 PIHOLE_FTL_CONF_FILE="${PIHOLE_DIRECTORY}/pihole-FTL.conf"
 PIHOLE_CUSTOM_HOSTS_FILE="${PIHOLE_DIRECTORY}/custom.list"
 # Read the value of an FTL config key. The value is printed to stdout.
 #
@@ -124,6 +118,8 @@ get_ftl_conf_value() {
 PIHOLE_GRAVITY_DB_FILE="$(get_ftl_conf_value "GRAVITYDB" "${PIHOLE_DIRECTORY}/gravity.db")"
 PIHOLE_FTL_DB_FILE="$(get_ftl_conf_value "DBFILE" "${PIHOLE_DIRECTORY}/pihole-FTL.db")"
 PIHOLE_COMMAND="${BIN_DIRECTORY}/pihole"
 PIHOLE_COLTABLE_FILE="${BIN_DIRECTORY}/COL_TABLE"
@@ -138,6 +134,9 @@ PIHOLE_FTL_LOG="$(get_ftl_conf_value "LOGFILE" "${LOG_DIRECTORY}/pihole-FTL.log"
 PIHOLE_WEB_SERVER_ACCESS_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/access.log"
 PIHOLE_WEB_SERVER_ERROR_LOG_FILE="${WEB_SERVER_LOG_DIRECTORY}/error.log"
 RESOLVCONF="${ETC}/resolv.conf"
 DNSMASQ_CONF="${ETC}/dnsmasq.conf"
 # An array of operating system "pretty names" that we officially support
 # We can loop through the array at any time to see if it matches a value
 #SUPPORTED_OS=("Raspbian" "Ubuntu" "Fedora" "Debian" "CentOS")
@@ -162,9 +161,6 @@ PIHOLE_PROCESSES=( "lighttpd" "pihole-FTL" )
 # Store the required directories in an array so it can be parsed through
 REQUIRED_FILES=("${PIHOLE_CRON_FILE}"
 "${PIHOLE_DNS_CONFIG_FILE}"
 "${PIHOLE_DHCP_CONFIG_FILE}"
 "${PIHOLE_WILDCARD_CONFIG_FILE}"
 "${WEB_SERVER_CONFIG_FILE}"
 "${WEB_SERVER_CUSTOM_CONFIG_FILE}"
 "${PIHOLE_INSTALL_LOG_FILE}"
@@ -182,7 +178,10 @@ REQUIRED_FILES=("${PIHOLE_CRON_FILE}"
 "${PIHOLE_DEBUG_LOG}"
 "${PIHOLE_FTL_LOG}"
 "${PIHOLE_WEB_SERVER_ACCESS_LOG_FILE}"
-"${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}")
+"${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}"
 "${RESOLVCONF}"
 "${DNSMASQ_CONF}"
 "${PIHOLE_CUSTOM_HOSTS_FILE}")
 DISCLAIMER="This process collects information from your Pi-hole, and optionally uploads it to a unique and random directory on tricorder.pi-hole.net.
@@ -232,6 +231,7 @@ copy_to_debug_log() {
 }
 initialize_debug() {
    local system_uptime
    # Clear the screen so the debug log is readable
    clear
    show_disclaimer
@@ -239,9 +239,13 @@ initialize_debug() {
    log_write "${COL_PURPLE}*** [ INITIALIZING ]${COL_NC}"
    # Timestamp the start of the log
    log_write "${INFO} $(date "+%Y-%m-%d:%H:%M:%S") debug log has been initialized."
    # Uptime of the system
    # credits to https://stackoverflow.com/questions/28353409/bash-format-uptime-to-show-days-hours-minutes
    system_uptime=$(uptime | awk -F'( |,|:)+' '{if ($7=="min") m=$6; else {if ($7~/^day/){if ($9=="min") {d=$6;m=$8} else {d=$6;h=$8;m=$9}} else {h=$6;m=$7}}} {print d+0,"days,",h+0,"hours,",m+0,"minutes"}')
    log_write "${INFO} System has been running for ${system_uptime}"
 }
-# This is a function for visually displaying the curent test that is being run.
+# This is a function for visually displaying the current test that is being run.
 # Accepts one variable: the name of what is being diagnosed
 # Colors do not show in the dasboard, but the icons do: [i], [✓], and [✗]
 echo_current_diagnostic() {
@@ -331,7 +335,17 @@ compare_local_version_to_git_version() {
            return 1
        fi
    else
-        :
+        # There is no git directory so check if the web interface was disabled
        local setup_vars_web_interface
        setup_vars_web_interface=$(< ${PIHOLE_SETUP_VARS_FILE} grep ^INSTALL_WEB_INTERFACE | cut -d '=' -f2)
        if [[ "${pihole_component}" == "Web" ]] && [[ "${setup_vars_web_interface}" == "false" ]]; then
            log_write "${INFO} ${pihole_component}: Disabled in setupVars.conf via INSTALL_WEB_INTERFACE=false"
        else
            # Return an error message
            log_write "${COL_RED}Directory ${git_dir} doesn't exist${COL_NC}"
            # and exit with a non zero code
            return 1
        fi
    fi
 }
@@ -366,11 +380,11 @@ get_program_version() {
    # Create a local variable so this function can be safely reused
    local program_version
    echo_current_diagnostic "${program_name} version"
-    # Evalutate the program we are checking, if it is any of the ones below, show the version
+    # Evaluate the program we are checking, if it is any of the ones below, show the version
    case "${program_name}" in
-        "lighttpd") program_version="$(${program_name} -v |& head -n1 | cut -d '/' -f2 | cut -d ' ' -f1)"
+        "lighttpd") program_version="$(${program_name} -v 2> /dev/null | head -n1 | cut -d '/' -f2 | cut -d ' ' -f1)"
                    ;;
-        "php") program_version="$(${program_name} -v |& head -n1 | cut -d '-' -f1 | cut -d ' ' -f2)"
+        "php") program_version="$(${program_name} -v 2> /dev/null | head -n1 | cut -d '-' -f1 | cut -d ' ' -f2)"
                ;;
        # If a match is not found, show an error
        *) echo "Unrecognized program";
@@ -397,12 +411,12 @@ os_check() {
    # This function gets a list of supported OS versions from a TXT record at versions.pi-hole.net
    # and determines whether or not the script is running on one of those systems
    local remote_os_domain valid_os valid_version detected_os detected_version cmdResult digReturnCode response
-    remote_os_domain="versions.pi-hole.net"
+    remote_os_domain=${OS_CHECK_DOMAIN_NAME:-"versions.pi-hole.net"}
    detected_os=$(grep "\bID\b" /etc/os-release | cut -d '=' -f2 | tr -d '"')
    detected_version=$(grep VERSION_ID /etc/os-release | cut -d '=' -f2 | tr -d '"')
-    cmdResult="$(dig +short -t txt ${remote_os_domain} @ns1.pi-hole.net 2>&1; echo $?)"
+    cmdResult="$(dig +short -t txt "${remote_os_domain}" @ns1.pi-hole.net 2>&1; echo $?)"
    #Get the return code of the previous command (last line)
    digReturnCode="${cmdResult##*$'\n'}"
@@ -453,6 +467,9 @@ diagnose_operating_system() {
    # Display the current test that is running
    echo_current_diagnostic "Operating system"
    # If the PIHOLE_DOCKER_TAG variable is set, include this information in the debug output
    [ -n "${PIHOLE_DOCKER_TAG}" ] && log_write "${INFO} Pi-hole Docker Container: ${PIHOLE_DOCKER_TAG}"
    # If there is a /etc/*release file, it's probably a supported operating system, so we can
    if ls /etc/*release 1> /dev/null 2>&1; then
        # display the attributes to the user from the function made earlier
@@ -493,6 +510,58 @@ check_selinux() {
    fi
 }
 check_firewalld() {
    # FirewallD ships by default on Fedora/CentOS/RHEL and enabled upon clean install
    # FirewallD is not configured by the installer and is the responsibility of the user
    echo_current_diagnostic "FirewallD"
    # Check if FirewallD service is enabled
    if command -v systemctl &> /dev/null; then
        # get its status via systemctl
        local firewalld_status
        firewalld_status=$(systemctl is-active firewalld)
        log_write "${INFO} ${COL_GREEN}Firewalld service ${firewalld_status}${COL_NC}";
        if [ "${firewalld_status}" == "active" ]; then
            # test common required service ports
            local firewalld_enabled_services
            firewalld_enabled_services=$(firewall-cmd --list-services)
            local firewalld_expected_services=("http" "dns" "dhcp" "dhcpv6")
            for i in "${firewalld_expected_services[@]}"; do
                if [[ "${firewalld_enabled_services}" =~ ${i} ]]; then
                    log_write "${TICK} ${COL_GREEN}  Allow Service: ${i}${COL_NC}";
                else
                    log_write "${CROSS} ${COL_RED}  Allow Service: ${i}${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_FIREWALLD})"
                fi
            done
            # check for custom FTL FirewallD zone
            local firewalld_zones
            firewalld_zones=$(firewall-cmd --get-zones)
            if [[ "${firewalld_zones}" =~ "ftl" ]]; then
                log_write "${TICK} ${COL_GREEN}FTL Custom Zone Detected${COL_NC}";
                # check FTL custom zone interface: lo
                local firewalld_ftl_zone_interfaces
                firewalld_ftl_zone_interfaces=$(firewall-cmd --zone=ftl --list-interfaces)
                if [[ "${firewalld_ftl_zone_interfaces}" =~ "lo" ]]; then
                    log_write "${TICK} ${COL_GREEN}  Local Interface Detected${COL_NC}";
                else
                    log_write "${CROSS} ${COL_RED}  Local Interface Not Detected${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_FIREWALLD})"
                fi
                # check FTL custom zone port: 4711
                local firewalld_ftl_zone_ports
                firewalld_ftl_zone_ports=$(firewall-cmd --zone=ftl --list-ports)
                if [[ "${firewalld_ftl_zone_ports}" =~ "4711/tcp" ]]; then
                    log_write "${TICK} ${COL_GREEN}  FTL Port 4711/tcp Detected${COL_NC}";
                else
                    log_write "${CROSS} ${COL_RED}  FTL Port 4711/tcp Not Detected${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_FIREWALLD})"
                fi
            else
                log_write "${CROSS} ${COL_RED}FTL Custom Zone Not Detected${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_FIREWALLD})"
            fi
        fi
    else
        log_write "${TICK} ${COL_GREEN}Firewalld service not detected${COL_NC}";
    fi
 }
 processor_check() {
    echo_current_diagnostic "Processor"
    # Store the processor type in a variable
@@ -505,7 +574,7 @@ processor_check() {
    else
        # Check if the architecture is currently supported for FTL
        case "${PROCESSOR}" in
-            "amd64") log_write "${TICK} ${COL_GREEN}${PROCESSOR}${COL_NC}"
+            "amd64" | "x86_64") log_write "${TICK} ${COL_GREEN}${PROCESSOR}${COL_NC}"
                ;;
            "armv6l") log_write "${TICK} ${COL_GREEN}${PROCESSOR}${COL_NC}"
                ;;
@@ -521,6 +590,27 @@ processor_check() {
    fi
 }
 disk_usage() {
    local file_system
    local hide
    echo_current_diagnostic "Disk usage"
    mapfile -t file_system < <(df -h)
    # Some lines of df might contain sensitive information like usernames and passwords.
    # E.g. curlftpfs filesystems (https://www.looklinux.com/mount-ftp-share-on-linux-using-curlftps/)
    # We are not interested in those lines so we collect keyword, to remove them from the output
    # Additinal keywords can be added, separated by "|"
    hide="curlftpfs"
    # only show those lines not containg a sensitive phrase
    for line in "${file_system[@]}"; do
      if [[ ! $line =~ $hide ]]; then
        log_write "   ${line}"
      fi
    done
 }
 parse_setup_vars() {
    echo_current_diagnostic "Setup variables"
    # If the file exists,
@@ -540,43 +630,11 @@ parse_locale() {
    parse_file "${pihole_locale}"
 }
 does_ip_match_setup_vars() {
    # Check for IPv4 or 6
    local protocol="${1}"
    # IP address to check for
    local ip_address="${2}"
    # See what IP is in the setupVars.conf file
    local setup_vars_ip
    setup_vars_ip=$(< ${PIHOLE_SETUP_VARS_FILE} grep IPV"${protocol}"_ADDRESS | cut -d '=' -f2)
    # If it's an IPv6 address
    if [[ "${protocol}" == "6" ]]; then
        # Strip off the / (CIDR notation)
        if [[ "${ip_address%/*}" == "${setup_vars_ip%/*}" ]]; then
            # if it matches, show it in green
            log_write "   ${COL_GREEN}${ip_address%/*}${COL_NC} matches the IP found in ${PIHOLE_SETUP_VARS_FILE}"
        else
            # otherwise show it in red with an FAQ URL
            log_write "   ${COL_RED}${ip_address%/*}${COL_NC} does not match the IP found in ${PIHOLE_SETUP_VARS_FILE} (${FAQ_ULA})"
        fi
    else
        # if the protocol isn't 6, it's 4 so no need to strip the CIDR notation
        # since it exists in the setupVars.conf that way
        if [[ "${ip_address}" == "${setup_vars_ip}" ]]; then
            # show in green if it matches
            log_write "   ${COL_GREEN}${ip_address}${COL_NC} matches the IP found in ${PIHOLE_SETUP_VARS_FILE}"
        else
            # otherwise show it in red
            log_write "   ${COL_RED}${ip_address}${COL_NC} does not match the IP found in ${PIHOLE_SETUP_VARS_FILE} (${FAQ_ULA})"
        fi
    fi
 }
 detect_ip_addresses() {
    # First argument should be a 4 or a 6
    local protocol=${1}
    # Use ip to show the addresses for the chosen protocol
-    # Store the values in an arry so they can be looped through
+    # Store the values in an array so they can be looped through
    # Get the lines that are in the file(s) and store them in an array for parsing later
    mapfile -t ip_addr_list < <(ip -"${protocol}" addr show dev "${PIHOLE_INTERFACE}" | awk -F ' ' '{ for(i=1;i<=NF;i++) if ($i ~ '/^inet/') print $(i+1) }')
@@ -588,8 +646,7 @@ detect_ip_addresses() {
        log_write "${TICK} IPv${protocol} address(es) bound to the ${PIHOLE_INTERFACE} interface:"
        # Since there may be more than one IP address, store them in an array
        for i in "${!ip_addr_list[@]}"; do
-            # For each one in the list, print it out
+            log_write "    ${ip_addr_list[$i]}"
            does_ip_match_setup_vars "${protocol}" "${ip_addr_list[$i]}"
        done
        # Print a blank line just for formatting
        log_write ""
@@ -598,13 +655,6 @@ detect_ip_addresses() {
        log_write "${CROSS} ${COL_RED}No IPv${protocol} address(es) found on the ${PIHOLE_INTERFACE}${COL_NC} interface.\\n"
        return 1
    fi
    # If the protocol is v6
    if [[ "${protocol}" == "6" ]]; then
        # let the user know that as long as there is one green address, things should be ok
        log_write "   ^ Please note that you may have more than one IP address listed."
        log_write "   As long as one of them is green, and it matches what is in ${PIHOLE_SETUP_VARS_FILE}, there is no need for concern.\\n"
        log_write "   The link to the FAQ is for an issue that sometimes occurs when the IPv6 address changes, which is why we check for it.\\n"
    fi
 }
 ping_ipv4_or_ipv6() {
@@ -630,7 +680,7 @@ ping_gateway() {
    # Check if we are using IPv4 or IPv6
    # Find the default gateway using IPv4 or IPv6
    local gateway
-    gateway="$(ip -"${protocol}" route | grep default | cut -d ' ' -f 3)"
+    gateway="$(ip -"${protocol}" route | grep default | grep "${PIHOLE_INTERFACE}" | cut -d ' ' -f 3)"
    # If the gateway variable has a value (meaning a gateway was found),
    if [[ -n "${gateway}" ]]; then
@@ -683,11 +733,11 @@ compare_port_to_service_assigned() {
    # If the service is a Pi-hole service, highlight it in green
    if [[ "${service_name}" == "${expected_service}" ]]; then
-        log_write "[${COL_GREEN}${port}${COL_NC}] is in use by ${COL_GREEN}${service_name}${COL_NC}"
+        log_write "${TICK} ${COL_GREEN}${port}${COL_NC} is in use by ${COL_GREEN}${service_name}${COL_NC}"
    # Otherwise,
    else
        # Show the service name in red since it's non-standard
-        log_write "[${COL_RED}${port}${COL_NC}] is in use by ${COL_RED}${service_name}${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_PORTS})"
+        log_write "${CROSS} ${COL_RED}${port}${COL_NC} is in use by ${COL_RED}${service_name}${COL_NC} (${FAQ_HARDWARE_REQUIREMENTS_PORTS})"
    fi
 }
@@ -703,36 +753,47 @@ check_required_ports() {
    # Sort the addresses and remove duplicates
    while IFS= read -r line; do
        ports_in_use+=( "$line" )
-    done < <( lsof -iTCP -sTCP:LISTEN -P -n +c 10 )
+    done < <( ss --listening --numeric --tcp --udp --processes --no-header )
    # Now that we have the values stored,
    for i in "${!ports_in_use[@]}"; do
        # loop through them and assign some local variables
        local service_name
-        service_name=$(echo "${ports_in_use[$i]}" | awk '{print $1}')
+        service_name=$(echo "${ports_in_use[$i]}" | awk '{gsub(/users:\(\("/,"",$7);gsub(/".*/,"",$7);print $7}')
        local protocol_type
-        protocol_type=$(echo "${ports_in_use[$i]}" | awk '{print $5}')
+        protocol_type=$(echo "${ports_in_use[$i]}" | awk '{print $1}')
        local port_number
-        port_number="$(echo "${ports_in_use[$i]}" | awk '{print $9}')"
+        port_number="$(echo "${ports_in_use[$i]}" | awk '{print $5}')" #  | awk '{gsub(/^.*:/,"",$5);print $5}')
        # Skip the line if it's the titles of the columns the lsof command produces
        if [[ "${service_name}" == COMMAND ]]; then
            continue
        fi
        # Use a case statement to determine if the right services are using the right ports
-        case "$(echo "$port_number" | rev | cut -d: -f1 | rev)" in
+        case "$(echo "${port_number}" | rev | cut -d: -f1 | rev)" in
-            53) compare_port_to_service_assigned  "${resolver}" "${service_name}" 53
+            53) compare_port_to_service_assigned  "${resolver}" "${service_name}" "${protocol_type}:${port_number}"
                ;;
-            80) compare_port_to_service_assigned  "${web_server}" "${service_name}" 80
+            80) compare_port_to_service_assigned  "${web_server}" "${service_name}" "${protocol_type}:${port_number}"
                ;;
-            4711) compare_port_to_service_assigned  "${ftl}" "${service_name}" 4711
+            4711) compare_port_to_service_assigned  "${ftl}" "${service_name}" "${protocol_type}:${port_number}"
                ;;
            # If it's not a default port that Pi-hole needs, just print it out for the user to see
-            *) log_write "${port_number} ${service_name} (${protocol_type})";
+            *) log_write "    ${protocol_type}:${port_number} is in use by ${service_name:=<unknown>}";
        esac
    done
 }
 ip_command() {
    # Obtain and log information from "ip XYZ show" commands
    echo_current_diagnostic "${2}"
    local entries=()
    mapfile -t entries < <(ip "${1}" show)
    for line in "${entries[@]}"; do
        log_write "   ${line}"
    done
 }
 check_ip_command() {
    ip_command "addr" "Network interfaces and addresses"
    ip_command "route" "Network routing table"
 }
 check_networking() {
    # Runs through several of the functions made earlier; we just clump them
    # together since they are all related to the networking aspect of things
@@ -741,7 +802,9 @@ check_networking() {
    detect_ip_addresses "6"
    ping_gateway "4"
    ping_gateway "6"
-    check_required_ports
+    # Skip the following check if installed in docker container. Unpriv'ed containers do not have access to the information required
    # to resolve the service name listening - and the container should not start if there was a port conflict anyway
    [ -z "${PIHOLE_DOCKER_TAG}" ] && check_required_ports
 }
 check_x_headers() {
@@ -758,7 +821,7 @@ check_x_headers() {
    # Do it for the dashboard as well, as the header is different than above
    local dashboard
    dashboard=$(curl -Is localhost/admin/ | awk '/X-Pi-hole/' | tr -d '\r')
-    # Store what the X-Header shoud be in variables for comparison later
+    # Store what the X-Header should be in variables for comparison later
    local block_page_working
    block_page_working="X-Pi-hole: A black hole for Internet advertisements."
    local dashboard_working
@@ -777,12 +840,12 @@ check_x_headers() {
        log_write "${COL_RED}${full_curl_output_block_page}${COL_NC}"
    fi
-    # Same logic applies to the dashbord as above, if the X-Header matches what a working system shoud have,
+    # Same logic applies to the dashboard as above, if the X-Header matches what a working system should have,
    if [[ $dashboard == "$dashboard_working" ]]; then
        # then we can show a success
        log_write "$TICK Web interface X-Header: ${COL_GREEN}${dashboard}${COL_NC}"
    else
-        # Othewise, it's a failure since the X-Headers either don't exist or have been modified in some way
+        # Otherwise, it's a failure since the X-Headers either don't exist or have been modified in some way
        log_write "$CROSS Web interface X-Header: ${COL_RED}X-Header does not match or could not be retrieved.${COL_NC}"
        log_write "${COL_RED}${full_curl_output_dashboard}${COL_NC}"
    fi
@@ -794,13 +857,13 @@ dig_at() {
    # Store the arguments as variables with names
    local protocol="${1}"
    local IP="${2}"
    echo_current_diagnostic "Name resolution (IPv${protocol}) using a random blocked domain and a known ad-serving domain"
    # Set more local variables
    # We need to test name resolution locally, via Pi-hole, and via a public resolver
    local local_dig
    local pihole_dig
    local remote_dig
    local interfaces
    local addresses
    # Use a static domain that we know has IPv4 and IPv6 to avoid false positives
    # Sometimes the randomly chosen domains don't use IPv6, or something else is wrong with them
    local remote_url="doubleclick.com"
@@ -809,15 +872,15 @@ dig_at() {
    if [[ ${protocol} == "6" ]]; then
        # Set the IPv6 variables and record type
        local local_address="::1"
        local pihole_address="${IP}"
        local remote_address="2001:4860:4860::8888"
        local sed_selector="inet6"
        local record_type="AAAA"
-    # Othwerwise, it should be 4
+    # Otherwise, it should be 4
    else
        # so use the IPv4 values
        local local_address="127.0.0.1"
        local pihole_address="${IP}"
        local remote_address="8.8.8.8"
        local sed_selector="inet"
        local record_type="A"
    fi
@@ -825,34 +888,59 @@ dig_at() {
    # This helps emulate queries to different domains that a user might query
    # It will also give extra assurance that Pi-hole is correctly resolving and blocking domains
    local random_url
-    random_url=$(sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" "SELECT domain FROM vw_gravity ORDER BY RANDOM() LIMIT 1")
+    random_url=$(pihole-FTL sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" "SELECT domain FROM vw_gravity ORDER BY RANDOM() LIMIT 1")
    # First, do a dig on localhost to see if Pi-hole can use itself to block a domain
    if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @${local_address} +short "${record_type}"); then
        # If it can, show success
        log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} via ${COL_CYAN}localhost$COL_NC (${local_address})"
    else
        # Otherwise, show a failure
        log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} via ${COL_RED}localhost${COL_NC} (${local_address})"
    fi
    # Next we need to check if Pi-hole can resolve a domain when the query is sent to it's IP address
    # This better emulates how clients will interact with Pi-hole as opposed to above where Pi-hole is
    # just asing itself locally
-    # The default timeouts and tries are reduced in case the DNS server isn't working, so the user isn't waiting for too long
+    # The default timeouts and tries are reduced in case the DNS server isn't working, so the user isn't
    # waiting for too long
    #
    # Turn off history expansion such that the "!" in the sed command cannot do silly things
    set +H
    # Get interfaces
    # sed logic breakdown:
    #     / master /d;
    #          Removes all interfaces that are slaves of others (e.g. virtual docker interfaces)
    #     /UP/!d;
    #          Removes all interfaces which are not UP
    #     s/^[0-9]*: //g;
    #          Removes interface index
    #     s/@.*//g;
    #          Removes everything after @ (if found)
    #     s/: <.*//g;
    #          Removes everything after the interface name
    interfaces="$(ip link show | sed "/ master /d;/UP/!d;s/^[0-9]*: //g;s/@.*//g;s/: <.*//g;")"
-    # If Pi-hole can dig itself from it's IP (not the loopback address)
+    while IFS= read -r iface ; do
-    if pihole_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @"${pihole_address}" +short "${record_type}"); then
+        # Get addresses of current interface
-        # show a success
+        # sed logic breakdown:
-        log_write "${TICK} ${random_url} ${COL_GREEN}is ${pihole_dig}${COL_NC} via ${COL_CYAN}Pi-hole${COL_NC} (${pihole_address})"
+        #     /inet(|6) /!d;
        #          Removes all lines from ip a that do not contain either "inet " or "inet6 "
        #     s/^.*inet(|6) //g;
        #          Removes all leading whitespace as well as the "inet " or "inet6 " string
        #     s/\/.*$//g;
        #          Removes CIDR and everything thereafter (e.g., scope properties)
        addresses="$(ip address show dev "${iface}" | sed "/${sed_selector} /!d;s/^.*${sed_selector} //g;s/\/.*$//g;")"
        if [ -n "${addresses}" ]; then
          while IFS= read -r local_address ; do
              # Check if Pi-hole can use itself to block a domain
              if local_dig=$(dig +tries=1 +time=2 -"${protocol}" "${random_url}" @"${local_address}" +short "${record_type}"); then
                  # If it can, show success
                  log_write "${TICK} ${random_url} ${COL_GREEN}is ${local_dig}${COL_NC} on ${COL_CYAN}${iface}${COL_NC} (${COL_CYAN}${local_address}${COL_NC})"
              else
-        # Othewise, show a failure
+                  # Otherwise, show a failure
-        log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} via ${COL_RED}Pi-hole${COL_NC} (${pihole_address})"
+                  log_write "${CROSS} ${COL_RED}Failed to resolve${COL_NC} ${random_url} on ${COL_RED}${iface}${COL_NC} (${COL_RED}${local_address}${COL_NC})"
              fi
          done <<< "${addresses}"
        else
          log_write "${TICK} No IPv${protocol} address available on ${COL_CYAN}${iface}${COL_NC}"
        fi
    done <<< "${interfaces}"
    # Finally, we need to make sure legitimate queries can out to the Internet using an external, public DNS server
    # We are using the static remote_url here instead of a random one because we know it works with IPv4 and IPv6
-    if remote_dig=$(dig +tries=1 +time=2 -"${protocol}" "${remote_url}" @${remote_address} +short "${record_type}" | head -n1); then
+    if remote_dig=$(dig +tries=1 +time=2 -"${protocol}" "${remote_url}" @"${remote_address}" +short "${record_type}" | head -n1); then
        # If successful, the real IP of the domain will be returned instead of Pi-hole's IP
        log_write "${TICK} ${remote_url} ${COL_GREEN}is ${remote_dig}${COL_NC} via ${COL_CYAN}a remote, public DNS server${COL_NC} (${remote_address})"
    else
@@ -893,6 +981,18 @@ process_status(){
    done
 }
 ftl_full_status(){
    # if using systemd print the full status of pihole-FTL
    echo_current_diagnostic "Pi-hole-FTL full status"
    local FTL_status
    if command -v systemctl &> /dev/null; then
      FTL_status=$(systemctl status --full --no-pager pihole-FTL.service)
      log_write "   ${FTL_status}"
    else
      log_write "${INFO} systemctl:  command not found"
    fi
 }
 make_array_from_file() {
    local filename="${1}"
    # The second argument can put a limit on how many line should be read from the file
@@ -910,7 +1010,7 @@ make_array_from_file() {
        # Otherwise, read the file line by line
        while IFS= read -r line;do
            # Othwerise, strip out comments and blank lines
-            new_line=$(echo "${line}" | sed -e 's/#.*$//' -e '/^$/d')
+            new_line=$(echo "${line}" | sed -e 's/^\s*#.*$//' -e '/^$/d')
            # If the line still has content (a non-zero value)
            if [[ -n "${new_line}" ]]; then
                # Put it into the array
@@ -955,7 +1055,7 @@ parse_file() {
    local file_lines
    # For each line in the file,
    for file_lines in "${file_info[@]}"; do
-        if [[ ! -z "${file_lines}" ]]; then
+        if [[ -n "${file_lines}" ]]; then
            # don't include the Web password hash
            [[ "${file_lines}" =~ ^\#.*$  || ! "${file_lines}" || "${file_lines}" == "WEBPASSWORD="* ]] && continue
            # otherwise, display the lines of the file
@@ -967,14 +1067,10 @@ parse_file() {
 }
 check_name_resolution() {
-    # Check name resoltion from localhost, Pi-hole's IP, and Google's name severs
+    # Check name resolution from localhost, Pi-hole's IP, and Google's name severs
    # using the function we created earlier
-    dig_at 4 "${IPV4_ADDRESS%/*}"
+    dig_at 4
-    # If IPv6 enabled,
+    dig_at 6
    if [[ "${IPV6_ADDRESS}" ]]; then
        # check resolution
        dig_at 6 "${IPV6_ADDRESS%/*}"
    fi
 }
 # This function can check a directory exists
@@ -1017,17 +1113,21 @@ list_files_in_dir() {
            :
        elif [[ "${dir_to_parse}" == "${SHM_DIRECTORY}" ]]; then
            # SHM file - we do not want to see the content, but we want to see the files and their sizes
-            log_write "$(ls -ld "${dir_to_parse}"/"${each_file}")"
+            log_write "$(ls -lhd "${dir_to_parse}"/"${each_file}")"
        elif [[ "${dir_to_parse}" == "${DNSMASQ_D_DIRECTORY}" ]]; then
            # in case of the dnsmasq directory inlcuede all files in the debug output
            log_write "\\n${COL_GREEN}$(ls -lhd "${dir_to_parse}"/"${each_file}")${COL_NC}"
            make_array_from_file "${dir_to_parse}/${each_file}"
        else
            # Then, parse the file's content into an array so each line can be analyzed if need be
            for i in "${!REQUIRED_FILES[@]}"; do
                if [[ "${dir_to_parse}/${each_file}" == "${REQUIRED_FILES[$i]}" ]]; then
                    # display the filename
-                    log_write "\\n${COL_GREEN}$(ls -ld "${dir_to_parse}"/"${each_file}")${COL_NC}"
+                    log_write "\\n${COL_GREEN}$(ls -lhd "${dir_to_parse}"/"${each_file}")${COL_NC}"
                    # Check if the file we want to view has a limit (because sometimes we just need a little bit of info from the file, not the entire thing)
                    case "${dir_to_parse}/${each_file}" in
-                        # If it's Web server error log, just give the first 25 lines
+                        # If it's Web server error log, give the first and last 25 lines
-                        "${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}") make_array_from_file "${dir_to_parse}/${each_file}" 25
+                        "${PIHOLE_WEB_SERVER_ERROR_LOG_FILE}") head_tail_log "${dir_to_parse}/${each_file}" 25
                            ;;
                        # Same for the FTL log
                        "${PIHOLE_FTL_LOG}") head_tail_log "${dir_to_parse}/${each_file}" 35
@@ -1062,6 +1162,7 @@ show_content_of_pihole_files() {
    show_content_of_files_in_dir "${WEB_SERVER_LOG_DIRECTORY}"
    show_content_of_files_in_dir "${LOG_DIRECTORY}"
    show_content_of_files_in_dir "${SHM_DIRECTORY}"
    show_content_of_files_in_dir "${ETC}"
 }
 head_tail_log() {
@@ -1103,7 +1204,7 @@ show_db_entries() {
    IFS=$'\r\n'
    local entries=()
    mapfile -t entries < <(\
-        sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" \
+        pihole-FTL sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" \
            -cmd ".headers on" \
            -cmd ".mode column" \
            -cmd ".width ${widths}" \
@@ -1117,31 +1218,75 @@ show_db_entries() {
    IFS="$OLD_IFS"
 }
 show_FTL_db_entries() {
    local title="${1}"
    local query="${2}"
    local widths="${3}"
    echo_current_diagnostic "${title}"
    OLD_IFS="$IFS"
    IFS=$'\r\n'
    local entries=()
    mapfile -t entries < <(\
        pihole-FTL sqlite3 "${PIHOLE_FTL_DB_FILE}" \
            -cmd ".headers on" \
            -cmd ".mode column" \
            -cmd ".width ${widths}" \
            "${query}"\
    )
    for line in "${entries[@]}"; do
        log_write "   ${line}"
    done
    IFS="$OLD_IFS"
 }
 check_dhcp_servers() {
    echo_current_diagnostic "Discovering active DHCP servers (takes 10 seconds)"
    OLD_IFS="$IFS"
    IFS=$'\n'
    local entries=()
    mapfile -t entries < <(pihole-FTL dhcp-discover)
    for line in "${entries[@]}"; do
        log_write "   ${line}"
    done
    IFS="$OLD_IFS"
 }
 show_groups() {
    show_db_entries "Groups" "SELECT id,CASE enabled WHEN '0' THEN '   0' WHEN '1' THEN '      1' ELSE enabled END enabled,name,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,description FROM \"group\"" "4 7 50 19 19 50"
 }
 show_adlists() {
-    show_db_entries "Adlists" "SELECT id,CASE enabled WHEN '0' THEN '   0' WHEN '1' THEN '      1' ELSE enabled END enabled,GROUP_CONCAT(adlist_by_group.group_id) group_ids,address,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM adlist LEFT JOIN adlist_by_group ON adlist.id = adlist_by_group.adlist_id GROUP BY id;" "4 7 12 100 19 19 50"
+    show_db_entries "Adlists" "SELECT id,CASE enabled WHEN '0' THEN '   0' WHEN '1' THEN '      1' ELSE enabled END enabled,GROUP_CONCAT(adlist_by_group.group_id) group_ids,address,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM adlist LEFT JOIN adlist_by_group ON adlist.id = adlist_by_group.adlist_id GROUP BY id;" "5 7 12 100 19 19 50"
 }
 show_domainlist() {
-    show_db_entries "Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)" "SELECT id,CASE type WHEN '0' THEN '0   ' WHEN '1' THEN ' 1  ' WHEN '2' THEN '  2 ' WHEN '3' THEN '   3' ELSE type END type,CASE enabled WHEN '0' THEN '   0' WHEN '1' THEN '      1' ELSE enabled END enabled,GROUP_CONCAT(domainlist_by_group.group_id) group_ids,domain,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist LEFT JOIN domainlist_by_group ON domainlist.id = domainlist_by_group.domainlist_id GROUP BY id;" "4 4 7 12 100 19 19 50"
+    show_db_entries "Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)" "SELECT id,CASE type WHEN '0' THEN '0   ' WHEN '1' THEN ' 1  ' WHEN '2' THEN '  2 ' WHEN '3' THEN '   3' ELSE type END type,CASE enabled WHEN '0' THEN '   0' WHEN '1' THEN '      1' ELSE enabled END enabled,GROUP_CONCAT(domainlist_by_group.group_id) group_ids,domain,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM domainlist LEFT JOIN domainlist_by_group ON domainlist.id = domainlist_by_group.domainlist_id GROUP BY id;" "5 4 7 12 100 19 19 50"
 }
 show_clients() {
    show_db_entries "Clients" "SELECT id,GROUP_CONCAT(client_by_group.group_id) group_ids,ip,datetime(date_added,'unixepoch','localtime') date_added,datetime(date_modified,'unixepoch','localtime') date_modified,comment FROM client LEFT JOIN client_by_group ON client.id = client_by_group.client_id GROUP BY id;" "4 12 100 19 19 50"
 }
 show_messages() {
    show_FTL_db_entries "Pi-hole diagnosis messages" "SELECT count (message) as count, datetime(max(timestamp),'unixepoch','localtime') as 'last timestamp', type, message, blob1, blob2, blob3, blob4, blob5 FROM message GROUP BY type, message, blob1, blob2, blob3, blob4, blob5;" "6 19 20 60 20 20 20 20 20"
 }
 analyze_gravity_list() {
-    echo_current_diagnostic "Gravity List and Database"
+    echo_current_diagnostic "Gravity Database"
    local gravity_permissions
-    gravity_permissions=$(ls -ld "${PIHOLE_GRAVITY_DB_FILE}")
+    gravity_permissions=$(ls -lhd "${PIHOLE_GRAVITY_DB_FILE}")
    log_write "${COL_GREEN}${gravity_permissions}${COL_NC}"
    show_db_entries "Info table" "SELECT property,value FROM info" "20 40"
-    gravity_updated_raw="$(sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" "SELECT value FROM info where property = 'updated'")"
+    gravity_updated_raw="$(pihole-FTL sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" "SELECT value FROM info where property = 'updated'")"
    gravity_updated="$(date -d @"${gravity_updated_raw}")"
    log_write "   Last gravity run finished at: ${COL_CYAN}${gravity_updated}${COL_NC}"
    log_write ""
@@ -1149,7 +1294,7 @@ analyze_gravity_list() {
    OLD_IFS="$IFS"
    IFS=$'\r\n'
    local gravity_sample=()
-    mapfile -t gravity_sample < <(sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" "SELECT domain FROM vw_gravity LIMIT 10")
+    mapfile -t gravity_sample < <(pihole-FTL sqlite3 "${PIHOLE_GRAVITY_DB_FILE}" "SELECT domain FROM vw_gravity LIMIT 10")
    log_write "   ${COL_CYAN}----- First 10 Gravity Domains -----${COL_NC}"
    for line in "${gravity_sample[@]}"; do
@@ -1160,39 +1305,29 @@ analyze_gravity_list() {
    IFS="$OLD_IFS"
 }
-analyze_pihole_log() {
+obfuscated_pihole_log() {
-    echo_current_diagnostic "Pi-hole log"
+  local pihole_log=("$@")
-    local head_line
+  local line
    # Put the current Internal Field Separator into another variable so it can be restored later
    OLD_IFS="$IFS"
    # Get the lines that are in the file(s) and store them in an array for parsing later
    IFS=$'\r\n'
    local pihole_log_permissions
    pihole_log_permissions=$(ls -ld "${PIHOLE_LOG}")
    log_write "${COL_GREEN}${pihole_log_permissions}${COL_NC}"
    local pihole_log_head=()
    mapfile -t pihole_log_head < <(head -n 20 ${PIHOLE_LOG})
    log_write "   ${COL_CYAN}-----head of $(basename ${PIHOLE_LOG})------${COL_NC}"
  local error_to_check_for
  local line_to_obfuscate
  local obfuscated_line
-    for head_line in "${pihole_log_head[@]}"; do
+  for line in "${pihole_log[@]}"; do
      # A common error in the pihole.log is when there is a non-hosts formatted file
      # that the DNS server is attempting to read.  Since it's not formatted
      # correctly, there will be an entry for "bad address at line n"
      # So we can check for that here and highlight it in red so the user can see it easily
-        error_to_check_for=$(echo "${head_line}" | grep 'bad address at')
+      error_to_check_for=$(echo "${line}" | grep 'bad address at')
      # Some users may not want to have the domains they visit sent to us
      # To that end, we check for lines in the log that would contain a domain name
-        line_to_obfuscate=$(echo "${head_line}" | grep ': query\|: forwarded\|: reply')
+      line_to_obfuscate=$(echo "${line}" | grep ': query\|: forwarded\|: reply')
      # If the variable contains a value, it found an error in the log
      if [[ -n ${error_to_check_for} ]]; then
          # So we can print it in red to make it visible to the user
-            log_write "   ${CROSS} ${COL_RED}${head_line}${COL_NC} (${FAQ_BAD_ADDRESS})"
+          log_write "   ${CROSS} ${COL_RED}${line}${COL_NC} (${FAQ_BAD_ADDRESS})"
      else
          # If the variable does not a value (the current default behavior), so do not obfuscate anything
          if [[ -z ${OBFUSCATE} ]]; then
-                log_write "   ${head_line}"
+              log_write "   ${line}"
          # Othwerise, a flag was passed to this command to obfuscate domains in the log
          else
              # So first check if there are domains in the log that should be obfuscated
@@ -1202,35 +1337,56 @@ analyze_pihole_log() {
                  obfuscated_line=$(echo "${line_to_obfuscate}" | awk -v placeholder="${OBFUSCATED_PLACEHOLDER}" '{sub($6,placeholder); print $0}')
                  log_write "   ${obfuscated_line}"
              else
-                    log_write "   ${head_line}"
+                  log_write "   ${line}"
              fi
          fi
      fi
  done
 }
 analyze_pihole_log() {
  echo_current_diagnostic "Pi-hole log"
  local pihole_log_head=()
  local pihole_log_tail=()
  local pihole_log_permissions
  local logging_enabled
  logging_enabled=$(grep -c "^log-queries" /etc/dnsmasq.d/01-pihole.conf)
  if [[ "${logging_enabled}" == "0" ]]; then
      # Inform user that logging has been disabled and pihole.log does not contain queries
      log_write "${INFO} Query logging is disabled"
      log_write ""
  fi
  # Put the current Internal Field Separator into another variable so it can be restored later
  OLD_IFS="$IFS"
  # Get the lines that are in the file(s) and store them in an array for parsing later
  IFS=$'\r\n'
  pihole_log_permissions=$(ls -lhd "${PIHOLE_LOG}")
  log_write "${COL_GREEN}${pihole_log_permissions}${COL_NC}"
  mapfile -t pihole_log_head < <(head -n 20 ${PIHOLE_LOG})
  log_write "   ${COL_CYAN}-----head of $(basename ${PIHOLE_LOG})------${COL_NC}"
  obfuscated_pihole_log "${pihole_log_head[@]}"
  log_write ""
  mapfile -t pihole_log_tail < <(tail -n 20 ${PIHOLE_LOG})
  log_write "   ${COL_CYAN}-----tail of $(basename ${PIHOLE_LOG})------${COL_NC}"
  obfuscated_pihole_log "${pihole_log_tail[@]}"
  log_write ""
  # Set the IFS back to what it was
  IFS="$OLD_IFS"
 }
-tricorder_use_nc_or_curl() {
+curl_to_tricorder() {
-    # Users can submit their debug logs using nc (unencrypted) or curl (encrypted) if available
+    # Users can submit their debug logs using curl (encrypted)
    # Check for curl first since encryption is a good thing
    if command -v curl &> /dev/null; then
        # If the command exists,
    log_write "    * Using ${COL_GREEN}curl${COL_NC} for transmission."
-        # transmit he log via TLS and store the token returned in a variable
+    # transmit the log via TLS and store the token returned in a variable
-        tricorder_token=$(curl --silent --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net:${TRICORDER_SSL_PORT_NUMBER})
+    tricorder_token=$(curl --silent --fail --show-error --upload-file ${PIHOLE_DEBUG_LOG} https://tricorder.pi-hole.net 2>&1)
-        if [ -z "${tricorder_token}" ]; then
+    if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then
-         # curl failed, fallback to nc
+        log_write "    * ${COL_GREEN}curl${COL_NC} failed, contact Pi-hole support for assistance."
-         log_write "    * ${COL_GREEN}curl${COL_NC} failed, falling back to ${COL_YELLOW}netcat${COL_NC} for transmission."
+        # Log curl error (if available)
-         tricorder_token=$(< ${PIHOLE_DEBUG_LOG} nc tricorder.pi-hole.net ${TRICORDER_NC_PORT_NUMBER})
+        if [ -n "${tricorder_token}" ]; then
            log_write "    * Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n"
            tricorder_token=""
        fi
    # Otherwise,
    else
        # use net cat
        log_write "${INFO} Using ${COL_YELLOW}netcat${COL_NC} for transmission."
        # Save the token returned by our server in a variable
        tricorder_token=$(< ${PIHOLE_DEBUG_LOG} nc tricorder.pi-hole.net ${TRICORDER_NC_PORT_NUMBER})
    fi
 }
@@ -1249,48 +1405,55 @@ upload_to_tricorder() {
    # Provide information on what they should do with their token
    log_write "   * The debug log can be uploaded to tricorder.pi-hole.net for sharing with developers only."
-    log_write "    * For more information, see: ${TRICORDER_CONTEST}"
+
-    log_write "    * If available, we'll use openssl to upload the log, otherwise it will fall back to netcat."
+    # If pihole -d is running automatically
    # If pihole -d is running automatically (usually through the dashboard)
    if [[ "${AUTOMATED}" ]]; then
        # let the user know
        log_write "${INFO} Debug script running in automated mode"
        # and then decide again which tool to use to submit it
-        tricorder_use_nc_or_curl
+        curl_to_tricorder
        # If we're not running in automated mode,
    else
        # if not being called from the web interface
        if [[ ! "${WEBCALL}" ]]; then
            echo ""
            # give the user a choice of uploading it or not
            # Users can review the log file locally (or the output of the script since they are the same) and try to self-diagnose their problem
            read -r -p "[?] Would you like to upload the log? [y/N] " response
            case ${response} in
                # If they say yes, run our function for uploading the log
-            [yY][eE][sS]|[yY]) tricorder_use_nc_or_curl;;
+                [yY][eE][sS]|[yY]) curl_to_tricorder;;
                # If they choose no, just exit out of the script
                *) log_write "    * Log will ${COL_GREEN}NOT${COL_NC} be uploaded to tricorder.\\n    * A local copy of the debug log can be found at: ${COL_CYAN}${PIHOLE_DEBUG_LOG}${COL_NC}\\n";exit;
            esac
        fi
    fi
    # Check if tricorder.pi-hole.net is reachable and provide token
    # along with some additional useful information
    if [[ -n "${tricorder_token}" ]]; then
        # Again, try to make this visually striking so the user realizes they need to do something with this information
        # Namely, provide the Pi-hole devs with the token
        log_write ""
-        log_write "${COL_PURPLE}***********************************${COL_NC}"
+        log_write "${COL_PURPLE}*****************************************************************${COL_NC}"
-        log_write "${COL_PURPLE}***********************************${COL_NC}"
+        log_write "${COL_PURPLE}*****************************************************************${COL_NC}\\n"
        log_write "${TICK} Your debug token is: ${COL_GREEN}${tricorder_token}${COL_NC}"
-        log_write "${COL_PURPLE}***********************************${COL_NC}"
+        log_write "${INFO}${COL_RED} Logs are deleted 48 hours after upload.${COL_NC}\\n"
-        log_write "${COL_PURPLE}***********************************${COL_NC}"
+        log_write "${COL_PURPLE}*****************************************************************${COL_NC}"
        log_write "${COL_PURPLE}*****************************************************************${COL_NC}"
        log_write ""
-        log_write "   * Provide the token above to the Pi-hole team for assistance at"
+        log_write "   * Provide the token above to the Pi-hole team for assistance at ${FORUMS_URL}"
-        log_write "   * ${FORUMS_URL}"
+
        log_write "   * Your log will self-destruct on our server after ${COL_RED}48 hours${COL_NC}."
    # If no token was generated
    else
        # Show an error and some help instructions
        # Skip this if being called from web interface and autmatic mode was not chosen (users opt-out to upload)
        if [[ "${WEBCALL}" ]] && [[ ! "${AUTOMATED}" ]]; then
            :
        else
            log_write "${CROSS}  ${COL_RED}There was an error uploading your debug log.${COL_NC}"
            log_write "   * Please try again or contact the Pi-hole team for assistance."
        fi
    fi
    # Finally, show where the log file is no matter the outcome of the function so users can look at it
    log_write "   * A local copy of the debug log can be found at: ${COL_CYAN}${PIHOLE_DEBUG_LOG}${COL_NC}\\n"
 }
@@ -1305,10 +1468,15 @@ check_component_versions
 check_critical_program_versions
 diagnose_operating_system
 check_selinux
 check_firewalld
 processor_check
 disk_usage
 check_ip_command
 check_networking
 check_name_resolution
 check_dhcp_servers
 process_status
 ftl_full_status
 parse_setup_vars
 check_x_headers
 analyze_gravity_list
@@ -1317,6 +1485,7 @@ show_domainlist
 show_clients
 show_adlists
 show_content_of_pihole_files
 show_messages
 parse_locale
 analyze_pihole_log
 copy_to_debug_log
--- a/advanced/Scripts/piholeLogFlush.sh
+++ b/advanced/Scripts/piholeLogFlush.sh
@@ -11,6 +11,11 @@
 colfile="/opt/pihole/COL_TABLE"
 source ${colfile}
 # In case we're running at the same time as a system logrotate, use a
 # separate logrotate state file to prevent stepping on each other's
 # toes.
 STATEFILE="/var/lib/logrotate/pihole"
 # Determine database location
 # Obtain DBFILE=... setting from pihole-FTL.db
 # Constructed to return nothing when
@@ -32,7 +37,7 @@ if [[ "$@" == *"once"* ]]; then
    # Nightly logrotation
    if command -v /usr/sbin/logrotate >/dev/null; then
        # Logrotate once
-        /usr/sbin/logrotate --force /etc/pihole/logrotate
+        /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate
    else
        # Copy pihole.log over to pihole.log.1
        # and empty out pihole.log
@@ -47,8 +52,8 @@ else
    # Manual flushing
    if command -v /usr/sbin/logrotate >/dev/null; then
        # Logrotate twice to move all data out of sight of FTL
-        /usr/sbin/logrotate --force /etc/pihole/logrotate; sleep 3
+        /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate; sleep 3
-        /usr/sbin/logrotate --force /etc/pihole/logrotate
+        /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate
    else
        # Flush both pihole.log and pihole.log.1 (if existing)
        echo " " > /var/log/pihole.log
@@ -58,7 +63,7 @@ else
        fi
    fi
    # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
-    deleted=$(sqlite3 "${DBFILE}" "DELETE FROM queries WHERE timestamp >= strftime('%s','now')-86400; select changes() from queries limit 1")
+    deleted=$(pihole-FTL sqlite3 "${DBFILE}" "DELETE FROM query_storage WHERE timestamp >= strftime('%s','now')-86400; select changes() from query_storage limit 1")
    # Restart pihole-FTL to force reloading history
    sudo pihole restartdns
--- a/advanced/Scripts/query.sh
+++ b/advanced/Scripts/query.sh
@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
 # shellcheck disable=SC1090
 # Pi-hole: A black hole for Internet advertisements
 # (c) 2018 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
@@ -11,12 +12,21 @@
 # Globals
 piholeDir="/etc/pihole"
-gravityDBfile="${piholeDir}/gravity.db"
+GRAVITYDB="${piholeDir}/gravity.db"
 options="$*"
 all=""
 exact=""
 blockpage=""
 matchType="match"
 # Source pihole-FTL from install script
 pihole_FTL="${piholeDir}/pihole-FTL.conf"
 if [[ -f "${pihole_FTL}" ]]; then
    source "${pihole_FTL}"
 fi
 # Set this only after sourcing pihole-FTL.conf as the gravity database path may
 # have changed
 gravityDBfile="${GRAVITYDB}"
 colfile="/opt/pihole/COL_TABLE"
 source "${colfile}"
@@ -111,7 +121,7 @@ scanDatabaseTable() {
    fi
    # Send prepared query to gravity database
-    result="$(sqlite3 "${gravityDBfile}" "${querystr}")" 2> /dev/null
+    result="$(pihole-FTL sqlite3 "${gravityDBfile}" "${querystr}")" 2> /dev/null
    if [[ -z "${result}" ]]; then
        # Return early when there are no matches in this table
        return
@@ -154,7 +164,7 @@ scanRegexDatabaseTable() {
    type="${3:-}"
    # Query all regex from the corresponding database tables
-    mapfile -t regexList < <(sqlite3 "${gravityDBfile}" "SELECT domain FROM domainlist WHERE type = ${type}" 2> /dev/null)
+    mapfile -t regexList < <(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT domain FROM domainlist WHERE type = ${type}" 2> /dev/null)
    # If we have regexps to process
    if [[ "${#regexList[@]}" -ne 0 ]]; then
--- a/advanced/Scripts/update.sh
+++ b/advanced/Scripts/update.sh
@@ -35,6 +35,7 @@ source "/opt/pihole/COL_TABLE"
 GitCheckUpdateAvail() {
    local directory
    local curBranch
    directory="${1}"
    curdir=$PWD
    cd "${directory}" || return
@@ -42,6 +43,15 @@ GitCheckUpdateAvail() {
    # Fetch latest changes in this repo
    git fetch --quiet origin
    # Check current branch. If it is master, then check for the latest available tag instead of latest commit.
    curBranch=$(git rev-parse --abbrev-ref HEAD)
    if [[ "${curBranch}" == "master" ]]; then
        # get the latest local tag
        LOCAL=$(git describe --abbrev=0 --tags master)
        # get the latest tag from remote
        REMOTE=$(git describe --abbrev=0 --tags origin/master)
    else
        # @ alone is a shortcut for HEAD. Older versions of git
        # need @{0}
        LOCAL="$(git rev-parse "@{0}")"
@@ -54,6 +64,8 @@ GitCheckUpdateAvail() {
        # branch.<name>.merge). A missing branchname
        # defaults to the current one.
        REMOTE="$(git rev-parse "@{upstream}")"
    fi
    if [[ "${#LOCAL}" == 0 ]]; then
        echo -e "\\n  ${COL_LIGHT_RED}Error: Local revision could not be obtained, please contact Pi-hole Support"
@@ -95,6 +107,10 @@ main() {
    # shellcheck disable=1090,2154
    source "${setupVars}"
    # Install packages used by this installation script (necessary if users have removed e.g. git from their systems)
    package_manager_detect
    install_dependent_packages "${INSTALLER_DEPS[@]}"
    # This is unlikely
    if ! is_repo "${PI_HOLE_FILES_DIR}" ; then
        echo -e "\\n  ${COL_LIGHT_RED}Error: Core Pi-hole repo is missing from system!"
--- a/advanced/Scripts/utils.sh
+++ b/advanced/Scripts/utils.sh
@@ -0,0 +1,62 @@
 #!/usr/bin/env bash
 # Pi-hole: A black hole for Internet advertisements
 # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
 #
 # Script to hold utility functions for use in other scripts
 #
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 # Basic Housekeeping rules
 #  - Functions must be self contained
 #  - Functions must be added in alphabetical order
 #  - Functions must be documented
 #  - New functions must have a test added for them in test/test_any_utils.py
 #######################
 # Takes three arguments key, value, and file.
 # Checks the target file for the existence of the key
 #   - If it exists, it changes the value
 #   - If it does not exist, it adds the value
 #
 # Example usage:
 # addOrEditKeyValuePair "BLOCKING_ENABLED" "true" "/etc/pihole/setupVars.conf"
 #######################
 addOrEditKeyValPair() {
  local key="${1}"
  local value="${2}"
  local file="${3}"
  if grep -q "^${key}=" "${file}"; then
    sed -i "/^${key}=/c\\${key}=${value}" "${file}"
  else
    echo "${key}=${value}" >> "${file}"
  fi
 }
 #######################
 # returns FTL's current telnet API port
 #######################
 getFTLAPIPort(){
  local -r FTLCONFFILE="/etc/pihole/pihole-FTL.conf"
  local -r DEFAULT_PORT_FILE="/run/pihole-FTL.port"
  local -r DEFAULT_FTL_PORT=4711
  local PORTFILE
  local ftl_api_port
  if [[ -f "$FTLCONFFILE" ]]; then
    # if PORTFILE is not set in pihole-FTL.conf, use the default path
    PORTFILE="$( (grep "^PORTFILE=" $FTLCONFFILE || echo "$DEFAULT_PORT_FILE") | cut -d"=" -f2-)"
  fi
  if [[ -s "$PORTFILE" ]]; then
    # -s: FILE exists and has a size greater than zero
    ftl_api_port=$(<"$PORTFILE")
    # Exploit prevention: unset the variable if there is malicious content
    # Verify that the value read from the file is numeric
    [[ "$ftl_api_port" =~ [^[:digit:]] ]] && unset ftl_api_port
  fi
  # echo the port found in the portfile or default to the default port
  echo "${ftl_api_port:=$DEFAULT_FTL_PORT}"
 }
--- a/advanced/Scripts/version.sh
+++ b/advanced/Scripts/version.sh
@@ -13,6 +13,10 @@ DEFAULT="-1"
 COREGITDIR="/etc/.pihole/"
 WEBGITDIR="/var/www/html/admin/"
 # Source the setupvars config file
 # shellcheck disable=SC1091
 source /etc/pihole/setupVars.conf
 getLocalVersion() {
    # FTL requires a different method
    if [[ "$1" == "FTL" ]]; then
@@ -91,10 +95,11 @@ getRemoteVersion(){
    #If the above file exists, then we can read from that. Prevents overuse of GitHub API
    if [[ -f "$cachedVersions" ]]; then
        IFS=' ' read -r -a arrCache < "$cachedVersions"
        case $daemon in
            "pi-hole"   )  echo "${arrCache[0]}";;
-          "AdminLTE"  )  echo "${arrCache[1]}";;
+            "AdminLTE"  )  [[ "${INSTALL_WEB_INTERFACE}" == true ]] && echo "${arrCache[1]}";;
-          "FTL"       )  echo "${arrCache[2]}";;
+            "FTL"       )  [[ "${INSTALL_WEB_INTERFACE}" == true ]] && echo "${arrCache[2]}" || echo "${arrCache[1]}";;
        esac
        return 0
@@ -140,6 +145,11 @@ getLocalBranch(){
 }
 versionOutput() {
    if [[ "$1" == "AdminLTE" && "${INSTALL_WEB_INTERFACE}" != true ]]; then
        echo "  WebAdmin not installed"
        return 1
    fi
    [[ "$1" == "pi-hole" ]] && GITDIR=$COREGITDIR
    [[ "$1" == "AdminLTE" ]] && GITDIR=$WEBGITDIR
    [[ "$1" == "FTL" ]] && GITDIR="FTL"
@@ -153,7 +163,7 @@ versionOutput() {
    if [[ -n "$current" ]] && [[ -n "$latest" ]]; then
        output="${1^} version is $branch$current (Latest: $latest)"
    elif [[ -n "$current" ]] && [[ -z "$latest" ]]; then
-        output="Current ${1^} version is $branch$current."
+        output="Current ${1^} version is $branch$current"
    elif [[ -z "$current" ]] && [[ -n "$latest" ]]; then
        output="Latest ${1^} version is $latest"
    elif [[ "$curHash" == "N/A" ]] || [[ "$latHash" == "N/A" ]]; then
@@ -166,6 +176,7 @@ versionOutput() {
        output="Latest ${1^} hash is $latHash"
    else
        errorOutput
        return 1
    fi
    [[ -n "$output" ]] && echo "  $output"
@@ -177,10 +188,6 @@ errorOutput() {
 }
 defaultOutput() {
    # Source the setupvars config file
    # shellcheck disable=SC1091
    source /etc/pihole/setupVars.conf
    versionOutput "pi-hole" "$@"
    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
--- a/advanced/Scripts/webpage.sh
+++ b/advanced/Scripts/webpage.sh
@@ -44,7 +44,9 @@ Options:
  -e, email                       Set an administrative contact address for the Block Page
  -h, --help                      Show this help dialog
  -i, interface                   Specify dnsmasq's interface listening behavior
-  -l, privacylevel    Set privacy level (0 = lowest, 4 = highest)"
+  -l, privacylevel                Set privacy level (0 = lowest, 3 = highest)
  -t, teleporter                  Backup configuration as an archive
  -t, teleporter myname.tar.gz    Backup configuration to archive with name myname.tar.gz as specified"
    exit 0
 }
@@ -53,7 +55,7 @@ add_setting() {
 }
 delete_setting() {
-    sed -i "/${1}/d" "${setupVars}"
+    sed -i "/^${1}/d" "${setupVars}"
 }
 change_setting() {
@@ -66,7 +68,7 @@ addFTLsetting() {
 }
 deleteFTLsetting() {
-    sed -i "/${1}/d" "${FTLconf}"
+    sed -i "/^${1}/d" "${FTLconf}"
 }
 changeFTLsetting() {
@@ -83,7 +85,7 @@ add_dnsmasq_setting() {
 }
 delete_dnsmasq_setting() {
-    sed -i "/${1}/d" "${dnsmasqconfig}"
+    sed -i "/^${1}/d" "${dnsmasqconfig}"
 }
 SetTemperatureUnit() {
@@ -167,9 +169,11 @@ ProcessDNSSettings() {
    fi
    delete_dnsmasq_setting "domain-needed"
    delete_dnsmasq_setting "expand-hosts"
    if [[ "${DNS_FQDN_REQUIRED}" == true ]]; then
        add_dnsmasq_setting "domain-needed"
        add_dnsmasq_setting "expand-hosts"
    fi
    delete_dnsmasq_setting "bogus-priv"
@@ -196,6 +200,8 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
    # Setup interface listening behavior of dnsmasq
    delete_dnsmasq_setting "interface"
    delete_dnsmasq_setting "local-service"
    delete_dnsmasq_setting "except-interface"
    delete_dnsmasq_setting "bind-interfaces"
    if [[ "${DNSMASQ_LISTENING}" == "all" ]]; then
        # Listen on all interfaces, permit all origins
@@ -204,6 +210,7 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
        # Listen only on all interfaces, but only local subnets
        add_dnsmasq_setting "local-service"
    else
        # Options "bind" and "single"
        # Listen only on one interface
        # Use eth0 as fallback interface if interface is missing in setupVars.conf
        if [ -z "${PIHOLE_INTERFACE}" ]; then
@@ -211,10 +218,21 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
        fi
        add_dnsmasq_setting "interface" "${PIHOLE_INTERFACE}"
        if [[ "${DNSMASQ_LISTENING}" == "bind" ]]; then
            # Really bind to interface
            add_dnsmasq_setting "bind-interfaces"
        fi
    fi
    if [[ "${CONDITIONAL_FORWARDING}" == true ]]; then
        # Convert legacy "conditional forwarding" to rev-server configuration
        # Remove any existing REV_SERVER settings
        delete_setting "REV_SERVER"
        delete_setting "REV_SERVER_DOMAIN"
        delete_setting "REV_SERVER_TARGET"
        delete_setting "REV_SERVER_CIDR"
        REV_SERVER=true
        add_setting "REV_SERVER" "true"
@@ -224,30 +242,63 @@ trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC68345710423
        REV_SERVER_TARGET="${CONDITIONAL_FORWARDING_IP}"
        add_setting "REV_SERVER_TARGET" "${REV_SERVER_TARGET}"
        #Convert CONDITIONAL_FORWARDING_REVERSE if necessary e.g:
        #          1.1.168.192.in-addr.arpa to 192.168.1.1/32
        #          1.168.192.in-addr.arpa to 192.168.1.0/24
        #          168.192.in-addr.arpa to 192.168.0.0/16
        #          192.in-addr.arpa to 192.0.0.0/8
        if [[ "${CONDITIONAL_FORWARDING_REVERSE}" == *"in-addr.arpa" ]];then
            arrRev=("${CONDITIONAL_FORWARDING_REVERSE//./ }")
            case ${#arrRev[@]} in
                6   )   REV_SERVER_CIDR="${arrRev[3]}.${arrRev[2]}.${arrRev[1]}.${arrRev[0]}/32";;
                5   )   REV_SERVER_CIDR="${arrRev[2]}.${arrRev[1]}.${arrRev[0]}.0/24";;
                4   )   REV_SERVER_CIDR="${arrRev[1]}.${arrRev[0]}.0.0/16";;
                3   )   REV_SERVER_CIDR="${arrRev[0]}.0.0.0/8";;
            esac
        else
            # Set REV_SERVER_CIDR to whatever value it was set to
            REV_SERVER_CIDR="${CONDITIONAL_FORWARDING_REVERSE}"
        fi
        # If REV_SERVER_CIDR is not converted by the above, then use the REV_SERVER_TARGET variable to derive it
        if [ -z "${REV_SERVER_CIDR}" ]; then
            # Convert existing input to /24 subnet (preserves legacy behavior)
            # This sed converts "192.168.1.2" to "192.168.1.0/24"
            # shellcheck disable=2001
            REV_SERVER_CIDR="$(sed "s+\\.[0-9]*$+\\.0/24+" <<< "${REV_SERVER_TARGET}")"
        fi
        add_setting "REV_SERVER_CIDR" "${REV_SERVER_CIDR}"
        # Remove obsolete settings from setupVars.conf
        delete_setting "CONDITIONAL_FORWARDING"
        delete_setting "CONDITIONAL_FORWARDING_REVERSE"
        delete_setting "CONDITIONAL_FORWARDING_DOMAIN"
        delete_setting "CONDITIONAL_FORWARDING_IP"
        # Convert existing input to /24 subnet (preserves legacy behavior)
        # This sed converts "192.168.1.2" to "192.168.1.0/24"
        # shellcheck disable=2001
        REV_SERVER_CIDR="$(sed "s+\\.[0-9]*$+\\.0/24+" <<< "${REV_SERVER_TARGET}")"
        add_setting "REV_SERVER_CIDR" "${REV_SERVER_CIDR}"
    fi
    delete_dnsmasq_setting "rev-server"
    if [[ "${REV_SERVER}" == true ]]; then
        add_dnsmasq_setting "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}"
        if [ -n "${REV_SERVER_DOMAIN}" ]; then
            # Forward local domain names to the CF target, too
            add_dnsmasq_setting "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}"
        fi
        if [[ "${DNS_FQDN_REQUIRED}" != true ]]; then
            # Forward unqualified names to the CF target only when the "never
            # forward non-FQDN" option is unticked
            add_dnsmasq_setting "server=//${REV_SERVER_TARGET}"
        fi
-    # Prevent Firefox from automatically switching over to DNS-over-HTTPS
+    fi
-    # This follows https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https
+
-    # (sourced 7th September 2019)
+    # We need to process DHCP settings here as well to account for possible
-    add_dnsmasq_setting "server=/use-application-dns.net/"
+    # changes in the non-FQDN forwarding. This cannot be done in 01-pihole.conf
    # as we don't want to delete all local=/.../ lines so it's much safer to
    # simply rewrite the entire corresponding config file (which is what the
    # DHCP settings subroutie is doing)
    ProcessDHCPSettings
 }
 SetDNSServers() {
@@ -370,6 +421,14 @@ dhcp-leasefile=/etc/pihole/dhcp.leases
        if [[ "${PIHOLE_DOMAIN}" != "none" ]]; then
            echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}"
            # When there is a Pi-hole domain set and "Never forward non-FQDNs" is
            # ticked, we add `local=/domain/` to tell FTL that this domain is purely
            # local and FTL may answer queries from /etc/hosts or DHCP but should
            # never forward queries on that domain to any upstream servers
            if  [[ "${DNS_FQDN_REQUIRED}" == true ]]; then
                echo "local=/${PIHOLE_DOMAIN}/" >> "${dhcpconfig}"
            fi
        fi
        # Sourced from setupVars
@@ -382,7 +441,7 @@ dhcp-leasefile=/etc/pihole/dhcp.leases
            echo "#quiet-dhcp6
 #enable-ra
 dhcp-option=option6:dns-server,[::]
-dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,${leasetime}
+dhcp-range=::100,::1ff,constructor:${interface},ra-names,slaac,64,3600
 ra-param=*,0,0
 " >> "${dhcpconfig}"
        fi
@@ -442,10 +501,15 @@ SetWebUITheme() {
 }
 CheckUrl(){
-    local regex
+    local regex check_url
    # Check for characters NOT allowed in URLs
-    regex="[^a-zA-Z0-9:/?&%=~._-]"
+    regex="[^a-zA-Z0-9:/?&%=~._()-;]"
-    if [[ "${1}" =~ ${regex} ]]; then
+
    # this will remove first @ that is after schema and before domain
    # \1 is optional schema, \2 is userinfo
    check_url="$( sed -re 's#([^:/]*://)?([^/]+)@#\1\2#' <<< "$1" )"
    if [[ "${check_url}" =~ ${regex} ]]; then
        return 1
    else
        return 0
@@ -460,13 +524,13 @@ CustomizeAdLists() {
    if CheckUrl "${address}"; then
        if [[ "${args[2]}" == "enable" ]]; then
-            sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 1 WHERE address = '${address}'"
+            pihole-FTL sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 1 WHERE address = '${address}'"
        elif [[ "${args[2]}" == "disable" ]]; then
-            sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 0 WHERE address = '${address}'"
+            pihole-FTL sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 0 WHERE address = '${address}'"
        elif [[ "${args[2]}" == "add" ]]; then
-            sqlite3 "${gravityDBfile}" "INSERT OR IGNORE INTO adlist (address, comment) VALUES ('${address}', '${comment}')"
+            pihole-FTL sqlite3 "${gravityDBfile}" "INSERT OR IGNORE INTO adlist (address, comment) VALUES ('${address}', '${comment}')"
        elif [[ "${args[2]}" == "del" ]]; then
-            sqlite3 "${gravityDBfile}" "DELETE FROM adlist WHERE address = '${address}'"
+            pihole-FTL sqlite3 "${gravityDBfile}" "DELETE FROM adlist WHERE address = '${address}'"
        else
            echo "Not permitted"
            return 1
@@ -477,25 +541,6 @@ CustomizeAdLists() {
    fi
 }
 SetPrivacyMode() {
    if [[ "${args[2]}" == "true" ]]; then
        change_setting "API_PRIVACY_MODE" "true"
    else
        change_setting "API_PRIVACY_MODE" "false"
    fi
 }
 ResolutionSettings() {
    typ="${args[2]}"
    state="${args[3]}"
    if [[ "${typ}" == "forward" ]]; then
        change_setting "API_GET_UPSTREAM_DNS_HOSTNAME" "${state}"
    elif [[ "${typ}" == "clients" ]]; then
        change_setting "API_GET_CLIENT_HOSTNAME" "${state}"
    fi
 }
 AddDHCPStaticAddress() {
    mac="${args[2]}"
    ip="${args[3]}"
@@ -515,7 +560,13 @@ AddDHCPStaticAddress() {
 RemoveDHCPStaticAddress() {
    mac="${args[2]}"
    if [[ "$mac" =~ ^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$ ]]; then
        sed -i "/dhcp-host=${mac}.*/d" "${dhcpstaticconfig}"
    else
        echo "  ${CROSS} Invalid Mac Passed!"
        exit 1
    fi
 }
 SetAdminEmail() {
@@ -558,9 +609,10 @@ Example: 'pihole -a -i local'
 Specify dnsmasq's network interface listening behavior
 Interfaces:
-  local               Listen on all interfaces, but only allow queries from
+  local               Only respond to queries from devices that
-                      devices that are at most one hop away (local devices)
+                      are at most one hop away (local devices)
-  single              Listen only on ${PIHOLE_INTERFACE} interface
+  single              Respond only on interface ${PIHOLE_INTERFACE}
  bind                Bind only on interface ${PIHOLE_INTERFACE}
  all                 Listen on all interfaces, permit all origins"
        exit 0
    fi
@@ -571,6 +623,9 @@ Interfaces:
    elif [[ "${args[2]}" == "local" ]]; then
        echo -e "  ${INFO} Listening on all interfaces, permitting origins from one hop away (LAN)"
        change_setting "DNSMASQ_LISTENING" "local"
    elif [[ "${args[2]}" == "bind" ]]; then
        echo -e "  ${INFO} Binding on interface ${PIHOLE_INTERFACE}"
        change_setting "DNSMASQ_LISTENING" "bind"
    else
        echo -e "  ${INFO} Listening only on interface ${PIHOLE_INTERFACE}"
        change_setting "DNSMASQ_LISTENING" "single"
@@ -586,9 +641,17 @@ Interfaces:
 }
 Teleporter() {
    local filename
    filename="${args[2]}"
    if [[ -z "${filename}" ]]; then
        local datetimestamp
        local host
        datetimestamp=$(date "+%Y-%m-%d_%H-%M-%S")
-    php /var/www/html/admin/scripts/pi-hole/php/teleporter.php > "pi-hole-teleporter_${datetimestamp}.tar.gz"
+        host=$(hostname)
        host="${host//./_}"
        filename="pi-hole-${host:-noname}-teleporter_${datetimestamp}.tar.gz"
    fi
    php /var/www/html/admin/scripts/pi-hole/php/teleporter.php > "${filename}"
 }
 checkDomain()
@@ -624,17 +687,17 @@ addAudit()
    done
    # Insert only the domain here. The date_added field will be
    # filled with its default value (date_added = current timestamp)
-    sqlite3 "${gravityDBfile}" "INSERT INTO domain_audit (domain) VALUES ${domains};"
+    pihole-FTL sqlite3 "${gravityDBfile}" "INSERT INTO domain_audit (domain) VALUES ${domains};"
 }
 clearAudit()
 {
-    sqlite3 "${gravityDBfile}" "DELETE FROM domain_audit;"
+    pihole-FTL sqlite3 "${gravityDBfile}" "DELETE FROM domain_audit;"
 }
 SetPrivacyLevel() {
-    # Set privacy level. Minimum is 0, maximum is 4
+    # Set privacy level. Minimum is 0, maximum is 3
-    if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 4 ]; then
+    if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 3 ]; then
        changeFTLsetting "PRIVACYLEVEL" "${args[2]}"
        pihole restartdns reload-lists
    fi
@@ -645,10 +708,25 @@ AddCustomDNSAddress() {
    ip="${args[2]}"
    host="${args[3]}"
-	echo "${ip} ${host}" >> "${dnscustomfile}"
+    reload="${args[4]}"
-    # Restart dnsmasq to load new custom DNS entries
+    validHost="$(checkDomain "${host}")"
    if [[ -n "${validHost}" ]]; then
        if valid_ip "${ip}" || valid_ip6 "${ip}" ; then
            echo "${ip} ${validHost}" >> "${dnscustomfile}"
        else
            echo -e "  ${CROSS} Invalid IP has been passed"
            exit 1
        fi
    else
        echo "  ${CROSS} Invalid Domain passed!"
        exit 1
    fi
    # Restart dnsmasq to load new custom DNS entries only if $reload not false
    if [[ ! $reload == "false" ]]; then
        RestartDNS
    fi
 }
 RemoveCustomDNSAddress() {
@@ -656,10 +734,25 @@ RemoveCustomDNSAddress() {
    ip="${args[2]}"
    host="${args[3]}"
-    sed -i "/${ip} ${host}/d" "${dnscustomfile}"
+    reload="${args[4]}"
-    # Restart dnsmasq to update removed custom DNS entries
+    validHost="$(checkDomain "${host}")"
    if [[ -n "${validHost}" ]]; then
        if valid_ip "${ip}" || valid_ip6 "${ip}" ; then
            sed -i "/^${ip} ${validHost}$/Id" "${dnscustomfile}"
        else
            echo -e "  ${CROSS} Invalid IP has been passed"
            exit 1
        fi
    else
        echo "  ${CROSS} Invalid Domain passed!"
        exit 1
    fi
    # Restart dnsmasq to load new custom DNS entries only if reload is not false
    if [[ ! $reload == "false" ]]; then
        RestartDNS
    fi
 }
 AddCustomCNAMERecord() {
@@ -667,10 +760,25 @@ AddCustomCNAMERecord() {
    domain="${args[2]}"
    target="${args[3]}"
-    echo "cname=${domain},${target}" >> "${dnscustomcnamefile}"
+    reload="${args[4]}"
-    # Restart dnsmasq to load new custom CNAME records
+    validDomain="$(checkDomain "${domain}")"
    if [[ -n "${validDomain}" ]]; then
        validTarget="$(checkDomain "${target}")"
        if [[ -n "${validTarget}" ]]; then
            echo "cname=${validDomain},${validTarget}" >> "${dnscustomcnamefile}"
        else
            echo "  ${CROSS} Invalid Target Passed!"
            exit 1
        fi
    else
        echo "  ${CROSS} Invalid Domain passed!"
        exit 1
    fi
    # Restart dnsmasq to load new custom CNAME records only if reload is not false
    if [[ ! $reload == "false" ]]; then
        RestartDNS
    fi
 }
 RemoveCustomCNAMERecord() {
@@ -678,10 +786,43 @@ RemoveCustomCNAMERecord() {
    domain="${args[2]}"
    target="${args[3]}"
-    sed -i "/cname=${domain},${target}/d" "${dnscustomcnamefile}"
+    reload="${args[4]}"
-    # Restart dnsmasq to update removed custom CNAME records
+    validDomain="$(checkDomain "${domain}")"
    if [[ -n "${validDomain}" ]]; then
        validTarget="$(checkDomain "${target}")"
        if [[ -n "${validTarget}" ]]; then
            sed -i "/cname=${validDomain},${validTarget}$/Id" "${dnscustomcnamefile}"
        else
            echo "  ${CROSS} Invalid Target Passed!"
            exit 1
        fi
    else
        echo "  ${CROSS} Invalid Domain passed!"
        exit 1
    fi
    # Restart dnsmasq to update removed custom CNAME records only if $reload not false
    if [[ ! $reload == "false" ]]; then
        RestartDNS
    fi
 }
 SetRateLimit() {
    local rate_limit_count rate_limit_interval reload
    rate_limit_count="${args[2]}"
    rate_limit_interval="${args[3]}"
    reload="${args[4]}"
    # Set rate-limit setting inf valid
    if [ "${rate_limit_count}" -ge 0 ] && [ "${rate_limit_interval}" -ge 0 ]; then
        changeFTLsetting "RATE_LIMIT" "${rate_limit_count}/${rate_limit_interval}"
    fi
    # Restart FTL to update rate-limit settings only if $reload not false
    if [[ ! $reload == "false" ]]; then
        RestartDNS
    fi
 }
 main() {
@@ -704,8 +845,6 @@ main() {
        "layout"              ) SetWebUILayout;;
        "theme"               ) SetWebUITheme;;
        "-h" | "--help"       ) helpFunc;;
        "privacymode"         ) SetPrivacyMode;;
        "resolve"             ) ResolutionSettings;;
        "addstaticdhcp"       ) AddDHCPStaticAddress;;
        "removestaticdhcp"    ) RemoveDHCPStaticAddress;;
        "-e" | "email"        ) SetAdminEmail "$3";;
@@ -719,6 +858,7 @@ main() {
        "removecustomdns"     ) RemoveCustomDNSAddress;;
        "addcustomcname"      ) AddCustomCNAMERecord;;
        "removecustomcname"   ) RemoveCustomCNAMERecord;;
        "ratelimit"           ) SetRateLimit;;
        *                     ) helpFunc;;
    esac
--- a/advanced/Scripts/wildcard_regex_converter.sh
+++ b/advanced/Scripts/wildcard_regex_converter.sh
@@ -1,28 +0,0 @@
 #!/usr/bin/env bash
 # Pi-hole: A black hole for Internet advertisements
 # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
 #
 # Provides an automated migration subroutine to convert Pi-hole v3.x wildcard domains to Pi-hole v4.x regex filters
 #
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 # regexFile set in gravity.sh
 wildcardFile="/etc/dnsmasq.d/03-pihole-wildcard.conf"
 convert_wildcard_to_regex() {
    if [ ! -f "${wildcardFile}" ]; then
        return
    fi
    local addrlines domains uniquedomains
    # Obtain wildcard domains from old file
    addrlines="$(grep -oE "/.*/" ${wildcardFile})"
    # Strip "/" from domain names and convert "." to regex-compatible "\."
    domains="$(sed 's/\///g;s/\./\\./g' <<< "${addrlines}")"
    # Remove repeated domains (may have been inserted two times due to A and AAAA blocking)
    uniquedomains="$(uniq <<< "${domains}")"
    # Automatically generate regex filters and remove old wildcards file
    awk '{print "(^|\\.)"$0"$"}' <<< "${uniquedomains}" >> "${regexFile:?}" && rm "${wildcardFile}"
 }
--- a/advanced/Templates/gravity.db.sql
+++ b/advanced/Templates/gravity.db.sql
@@ -31,7 +31,11 @@ CREATE TABLE adlist
 	enabled BOOLEAN NOT NULL DEFAULT 1,
 	date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
 	date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
-	comment TEXT
+	comment TEXT,
 	date_updated INTEGER,
 	number INTEGER NOT NULL DEFAULT 0,
 	invalid_domains INTEGER NOT NULL DEFAULT 0,
 	status INTEGER NOT NULL DEFAULT 0
 );
 CREATE TABLE adlist_by_group
@@ -53,7 +57,7 @@ CREATE TABLE info
 	value TEXT NOT NULL
 );
-INSERT INTO "info" VALUES('version','12');
+INSERT INTO "info" VALUES('version','15');
 CREATE TABLE domain_audit
 (
@@ -72,7 +76,7 @@ CREATE TABLE domainlist_by_group
 CREATE TABLE client
 (
 	id INTEGER PRIMARY KEY AUTOINCREMENT,
-	ip TEXT NOL NULL UNIQUE,
+	ip TEXT NOT NULL UNIQUE,
 	date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
 	date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
 	comment TEXT
@@ -85,9 +89,9 @@ CREATE TABLE client_by_group
 	PRIMARY KEY (client_id, group_id)
 );
-CREATE TRIGGER tr_adlist_update AFTER UPDATE ON adlist
+CREATE TRIGGER tr_adlist_update AFTER UPDATE OF address,enabled,comment ON adlist
    BEGIN
-      UPDATE adlist SET date_modified = (cast(strftime('%s', 'now') as int)) WHERE address = NEW.address;
+      UPDATE adlist SET date_modified = (cast(strftime('%s', 'now') as int)) WHERE id = NEW.id;
    END;
 CREATE TRIGGER tr_client_update AFTER UPDATE ON client
@@ -139,12 +143,10 @@ CREATE VIEW vw_gravity AS SELECT domain, adlist_by_group.group_id AS group_id
    LEFT JOIN "group" ON "group".id = adlist_by_group.group_id
    WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1);
-CREATE VIEW vw_adlist AS SELECT DISTINCT address, adlist.id AS id
+CREATE VIEW vw_adlist AS SELECT DISTINCT address, id
    FROM adlist
-    LEFT JOIN adlist_by_group ON adlist_by_group.adlist_id = adlist.id
+    WHERE enabled = 1
-    LEFT JOIN "group" ON "group".id = adlist_by_group.group_id
+    ORDER BY id;
    WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1)
    ORDER BY adlist.id;
 CREATE TRIGGER tr_domainlist_add AFTER INSERT ON domainlist
    BEGIN
--- a/advanced/Templates/gravity_copy.sql
+++ b/advanced/Templates/gravity_copy.sql
@@ -12,14 +12,17 @@ INSERT OR REPLACE INTO "group" SELECT * FROM OLD."group";
 INSERT OR REPLACE INTO domain_audit SELECT * FROM OLD.domain_audit;
 INSERT OR REPLACE INTO domainlist SELECT * FROM OLD.domainlist;
 DELETE FROM OLD.domainlist_by_group WHERE domainlist_id NOT IN (SELECT id FROM OLD.domainlist);
 INSERT OR REPLACE INTO domainlist_by_group SELECT * FROM OLD.domainlist_by_group;
 INSERT OR REPLACE INTO adlist SELECT * FROM OLD.adlist;
 DELETE FROM OLD.adlist_by_group WHERE adlist_id NOT IN (SELECT id FROM OLD.adlist);
 INSERT OR REPLACE INTO adlist_by_group SELECT * FROM OLD.adlist_by_group;
 INSERT OR REPLACE INTO info SELECT * FROM OLD.info;
 INSERT OR REPLACE INTO client SELECT * FROM OLD.client;
 DELETE FROM OLD.client_by_group WHERE client_id NOT IN (SELECT id FROM OLD.client);
 INSERT OR REPLACE INTO client_by_group SELECT * FROM OLD.client_by_group;
--- a/advanced/Templates/pihole-FTL.conf
+++ b/advanced/Templates/pihole-FTL.conf
@@ -0,0 +1,2 @@
 #; Pi-hole FTL config file
 #; Comments should start with #; to avoid issues with PHP and bash reading this file
--- a/advanced/Templates/pihole-FTL.service
+++ b/advanced/Templates/pihole-FTL.service
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/usr/bin/env sh
 ### BEGIN INIT INFO
 # Provides:          pihole-FTL
 # Required-Start:    $remote_fs $syslog $network
@@ -9,11 +9,39 @@
 # Description:       Enable service provided by pihole-FTL daemon
 ### END INIT INFO
-FTLUSER=pihole
+# Get PID of main pihole-FTL process
-PIDFILE=/run/pihole-FTL.pid
+FTLCONFFILE="/etc/pihole/pihole-FTL.conf"
 DEFAULT_PID_FILE="/run/pihole-FTL.pid"
 getFTLPID() {
  if [ -s "$FTLCONFFILE" ]; then
    # if PIDFILE is not set in pihole-FTL.conf, use the default path
    FTL_PID_FILE="$( (grep "^PIDFILE=" $FTLCONFFILE || echo "$DEFAULT_PID_FILE") | cut -d"=" -f2-)"
  else
    # if there is no pihole-FTL.conf, use the default path
    FTL_PID_FILE="$DEFAULT_PID_FILE"
  fi
  if [ -s "${FTL_PID_FILE}" ]; then
    # -s: FILE exists and has a size greater than zero
    FTL_PID="$(cat "$FTL_PID_FILE")"
    # Exploit prevention: unset the variable if there is malicious content
    # Verify that the value read from the file is numeric
    expr "$FTL_PID" : "[^[:digit:]]" > /dev/null && unset FTL_PID
  fi
  # If FTL is not running, or the PID file contains malicious stuff, substitute
  # negative PID to signal this to the caller
  echo "${FTL_PID:=-1}"
 }
 is_running() {
-    pgrep -o "pihole-FTL" > /dev/null 2>&1
+  FTL_PID="$(getFTLPID)"
  if [ "$FTL_PID" -eq "-1" ]; then
    return 1
  else
    echo 0
  fi
 }
@@ -23,27 +51,23 @@ start() {
    echo "pihole-FTL is already running"
  else
    # Touch files to ensure they exist (create if non-existing, preserve if existing)
-    touch /var/log/pihole-FTL.log /var/log/pihole.log
+    mkdir -pm 0755 /run/pihole
-    touch /run/pihole-FTL.pid /run/pihole-FTL.port
+    [ ! -f /var/log/pihole-FTL.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole-FTL.log
-    touch /etc/pihole/dhcp.leases
+    [ ! -f /var/log/pihole.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole.log
-    mkdir -p /run/pihole
+    [ ! -f /etc/pihole/dhcp.leases ] && install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases
    mkdir -p /var/log/pihole
    chown pihole:pihole /run/pihole /var/log/pihole
    # Remove possible leftovers from previous pihole-FTL processes
    rm -f /dev/shm/FTL-* 2> /dev/null
    rm /run/pihole/FTL.sock 2> /dev/null
    # Ensure that permissions are set so that pihole-FTL can edit all necessary files
-    chown pihole:pihole /run/pihole-FTL.pid /run/pihole-FTL.port
+    chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole.log /var/log/pihole.log /etc/pihole/dhcp.leases
-    chown pihole:pihole /etc/pihole /etc/pihole/dhcp.leases 2> /dev/null
+    # Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
-    chown pihole:pihole /var/log/pihole-FTL.log /var/log/pihole.log
+    chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole-FTL.log /var/log/pihole.log
    chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
    # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
-    chown pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db 2> /dev/null
+    chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
-    if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE+eip "$(which pihole-FTL)"; then
+    # Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist
-      su -s /bin/sh -c "/usr/bin/pihole-FTL" "$FTLUSER"
+    chmod -f 0664 /etc/pihole/pihole-FTL.db
    if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"; then
      su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole
    else
      echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system"
-      pihole-FTL
+      /usr/bin/pihole-FTL
    fi
    echo
  fi
@@ -52,27 +76,29 @@ start() {
 # Stop the service
 stop() {
  if is_running; then
-    pkill -o pihole-FTL
+    pkill -F "${FTL_PID_FILE}"
-    for i in {1..5}; do
+    for i in 1 2 3 4 5; do
      if ! is_running; then
        break
      fi
-      echo -n "."
+      printf "."
      sleep 1
    done
    echo
    if is_running; then
      echo "Not stopped; may still be shutting down or shutdown may have failed, killing now"
-      pkill -o -9 pihole-FTL
+      pkill -9 -F "${FTL_PID_FILE}"
-      exit 1
+      exit 0
    else
      echo "Stopped"
    fi
  else
    echo "Not running"
  fi
  # Cleanup
  rm -f /run/pihole/FTL.sock /dev/shm/FTL-* "${FTL_PID_FILE}"
  echo
 }
@@ -101,7 +127,7 @@ case "$1" in
        start
        ;;
  *)
-        echo $"Usage: $0 {start|stop|restart|reload|status}"
+        echo "Usage: $0 {start|stop|restart|reload|status}"
        exit 1
 esac
--- a/advanced/Templates/pihole.cron
+++ b/advanced/Templates/pihole.cron
@@ -26,7 +26,7 @@
 #          parameter "quiet": don't print messages
 00 00   * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole flush once quiet
-@reboot root /usr/sbin/logrotate /etc/pihole/logrotate
+@reboot root /usr/sbin/logrotate --state /var/lib/logrotate/pihole /etc/pihole/logrotate
 # Pi-hole: Grab local version and branch every 10 minutes
 */10 *  * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker local
--- a/advanced/bash-completion/pihole
+++ b/advanced/bash-completion/pihole
@@ -56,7 +56,7 @@ _pihole() {
 		;;
 		"privacylevel")
 			if ( [[ "$prev2" == "admin" ]] || [[ "$prev2" == "-a" ]] ); then
-				opts_privacy="0 1 2 3 4"
+				opts_privacy="0 1 2 3"
 				COMPREPLY=( $(compgen -W "${opts_privacy}" -- ${cur}) )
 			else
 				return 1
--- a/advanced/blockingpage.css
+++ b/advanced/blockingpage.css
@@ -145,7 +145,17 @@ body {
 }
 /* User is greeted with a splash page when browsing to Pi-hole IP address */
-#splashpage { background: #222; color: rgba(255, 255, 255, 0.7); text-align: center; }
+#splashpage {
  background: #222;
  color: rgba(255, 255, 255, 0.7);
  text-align: center;
  width: 100%;
  height: 100%;
  display: flex;
  align-items: center;
  justify-content: center;
 }
 #splashpage img { margin: 5px; width: 256px; }
 #splashpage b { color: inherit; }
@@ -196,6 +206,26 @@ header #bpAlt label {
  display: block;
 }
 html, body {
    height: 100%;
 }
 #pihole_card {
    width: 400px;
    height: auto;
    max-width: 400px;
 }
    #pihole_card p, #pihole_card a {
        font-size: 13pt;
        text-align: center;
    }
 #pihole_logo_splash {
    height: auto;
    width: 100%;
 }
 /* Click anywhere else on screen to hide #bpAbout */
 #bpAboutToggle:checked {
  display: block;
@@ -382,12 +412,44 @@ footer {
 /* Responsive Content */
@media only screen and (max-width: 500px) {
-  h1 a { font-size: 1.8rem; min-width: 170px; }
+  h1 a {
-  footer span::before { content: "Generated "; }
+        font-size: 1.8rem;
-  footer span { display: block; }
+        min-width: 170px;
    }
    footer span::before {
        content: "Generated ";
    }
    footer span {
        display: block;
    }
 }
@media only screen and (min-width: 1251px) {
-  #bpWrapper, footer { border-radius: 0 0 5px 5px; }
+  #bpWrapper, footer {
-  #bpAbout { border-right-width: 1px; }
+        border-radius: 0 0 5px 5px;
    }
    #bpAbout {
        border-right-width: 1px;
    }
 }
@media only screen and (max-width: 400px) {
    #pihole_card {
        width: 100%;
        height: auto;
    }
        #pihole_card p, #pihole_card a {
            font-size: 100%;
        }
 }
@media only screen and (max-width: 256px) {
    #pihole_logo_splash {
        width: 90% !important;
        height: auto;
    }
 }
--- a/advanced/index.php
+++ b/advanced/index.php
@@ -24,7 +24,7 @@ unset($setupVars);
 $landPage = "../landing.php";
 // Define array for hostnames to be accepted as self address for splash page
-$authorizedHosts = [];
+$authorizedHosts = [ "localhost" ];
 if (!empty($_SERVER["FQDN"])) {
    // If setenv.add-environment = ("fqdn" => "true") is configured in lighttpd,
    // append $serverName to $authorizedHosts
@@ -55,34 +55,37 @@ if ($serverName === "pi.hole"
    // Redirect to Web Interface
    exit(header("Location: /admin"));
 } elseif (filter_var($serverName, FILTER_VALIDATE_IP) || in_array($serverName, $authorizedHosts)) {
-    // Set Splash Page output
+    // When directly browsing via IP or authorized hostname
-    $splashPage = "
+    // Render splash/landing page based off presence of $landPage file
    // Unset variables so as to not be included in $landPage or $splashPage
    unset($svPasswd, $svEmail, $authorizedHosts, $validExtTypes, $currentUrlExt);
    // If $landPage file is present
    if (is_file(getcwd()."/$landPage")) {
        unset($serverName, $viewPort); // unset extra variables not to be included in $landpage
        include $landPage;
        exit();
    }
    // If $landPage file was not present, Set Splash Page output
    $splashPage = <<<EOT
    <!doctype html>
    <html lang='en'>
        <head>
            <meta charset='utf-8'>
            $viewPort
            <title>● $serverName</title>
-            <link rel='stylesheet' href='pihole/blockingpage.css'>
+            <link rel='stylesheet' href='/pihole/blockingpage.css'>
-            <link rel='shortcut icon' href='admin/img/favicons/favicon.ico' type='image/x-icon'>
+            <link rel='shortcut icon' href='/admin/img/favicons/favicon.ico' type='image/x-icon'>
        </head>
        <body id='splashpage'>
-            <img src='admin/img/logo.svg' alt='Pi-hole logo' width='256' height='377'>
+            <div id="pihole_card">
-            <br>
+              <img src='/admin/img/logo.svg' alt='Pi-hole logo' id="pihole_logo_splash" />
              <p>Pi-<strong>hole</strong>: Your black hole for Internet advertisements</p>
              <a href='/admin'>Did you mean to go to the admin panel?</a>
            </div>
        </body>
    </html>
-    ";
+EOT;
-
+    exit($splashPage);
    // Set splash/landing page based off presence of $landPage
    $renderPage = is_file(getcwd()."/$landPage") ? include $landPage : "$splashPage";
    // Unset variables so as to not be included in $landPage
    unset($serverName, $svPasswd, $svEmail, $authorizedHosts, $validExtTypes, $currentUrlExt, $viewPort);
    // Render splash/landing page when directly browsing via IP or authorized hostname
    exit($renderPage);
 } elseif ($currentUrlExt === "js") {
    // Serve Pi-hole JavaScript for blocked domains requesting JS
    exit(setHeader("js").'var x = "Pi-hole: A black hole for Internet advertisements."');
@@ -161,13 +164,35 @@ ini_set("default_socket_timeout", 3);
 function queryAds($serverName) {
    // Determine the time it takes while querying adlists
    $preQueryTime = microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"];
    // Determine which protocol should be used
    $protocol = "http";
    if ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ||
        (isset($_SERVER['REQUEST_SCHEME']) && $_SERVER['REQUEST_SCHEME'] === 'https') ||
        (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
    ) {
        $protocol = "https";
    }
    // Format the URL
    $queryAdsURL = sprintf(
-        "http://127.0.0.1:%s/admin/scripts/pi-hole/php/queryads.php?domain=%s&bp",
+        "%s://127.0.0.1:%s/admin/scripts/pi-hole/php/queryads.php?domain=%s&bp",
        $protocol,
        $_SERVER["SERVER_PORT"],
        $serverName
    );
-    $queryAds = file($queryAdsURL, FILE_IGNORE_NEW_LINES);
+
-    $queryAds = array_values(array_filter(preg_replace("/data:\s+/", "", $queryAds)));
+    // Request the file and receive the response
    $queryAdsFile = file($queryAdsURL, FILE_IGNORE_NEW_LINES);
    // $queryAdsFile must be an array (to avoid PHP 8.0+ error)
    if (is_array($queryAdsFile)) {
        $queryAds = array_values(array_filter(preg_replace("/data:\s+/", "", $queryAdsFile)));
    } else {
        // if not an array, return an error message
        return array("0" => "error", "1" => "<br>(".gettype($queryAdsFile).")<br>".print_r($queryAdsFile, true));
    }
    $queryTime = sprintf("%.0f", (microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"]) - $preQueryTime);
    // Exception Handling
--- a/advanced/lighttpd.conf.debian
+++ b/advanced/lighttpd.conf.debian
@@ -20,7 +20,6 @@ server.modules = (
    "mod_accesslog",
    "mod_auth",
    "mod_expire",
    "mod_compress",
    "mod_redirect",
    "mod_setenv",
    "mod_rewrite"
@@ -37,30 +36,15 @@ server.port                 = 80
 accesslog.filename          = "/var/log/lighttpd/access.log"
 accesslog.format            = "%{%s}t|%V|%r|%s|%b"
 # Allow streaming response
 # reference: https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_stream-response-bodyDetails
 server.stream-response-body = 1
 #ssl.read-ahead              = "disable"
 index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
 url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 compress.cache-dir = "/var/cache/lighttpd/compress/"
 compress.filetype  = (
    "application/json",
    "application/vnd.ms-fontobject",
    "application/xml",
    "font/eot",
    "font/opentype",
    "font/otf",
    "font/ttf",
    "image/bmp",
    "image/svg+xml",
    "image/vnd.microsoft.icon",
    "image/x-icon",
    "text/css",
    "text/html",
    "text/javascript",
    "text/plain",
    "text/xml"
 )
 mimetype.assign = (
    ".ico"   => "image/x-icon",
    ".jpeg"  => "image/jpeg",
@@ -81,6 +65,10 @@ mimetype.assign = (
    ".woff2" => "font/woff2"
 )
 # Add user chosen options held in external file
 # This uses include_shell instead of an include wildcard for compatibility
 include_shell "cat external.conf 2>/dev/null"
 # default listening port for IPv6 falls back to the IPv4 port
 include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
@@ -95,11 +83,6 @@ $HTTP["url"] =~ "^/admin/" {
        "X-Pi-hole" => "The Pi-hole Web interface is working!",
        "X-Frame-Options" => "DENY"
    )
    $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" {
        # Allow Block Page access to local fonts
        setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
    }
 }
 # Block . files from being served, such as .git, .github, .gitignore
@@ -107,9 +90,12 @@ $HTTP["url"] =~ "^/admin/\.(.*)" {
    url.access-deny = ("")
 }
 # allow teleporter and API qr code iframe on settings page
 $HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
    $HTTP["referer"] =~ "/admin/settings\.php" {
        setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
    }
 }
 # Default expire header
 expire.url = ( "" => "access plus 0 seconds" )
 # Add user chosen options held in external file
 # This uses include_shell instead of an include wildcard for compatibility
 include_shell "cat external.conf 2>/dev/null"
--- a/advanced/lighttpd.conf.fedora
+++ b/advanced/lighttpd.conf.fedora
@@ -21,7 +21,6 @@ server.modules = (
    "mod_expire",
    "mod_fastcgi",
    "mod_accesslog",
    "mod_compress",
    "mod_redirect",
    "mod_setenv",
    "mod_rewrite"
@@ -38,30 +37,15 @@ server.port                 = 80
 accesslog.filename          = "/var/log/lighttpd/access.log"
 accesslog.format            = "%{%s}t|%V|%r|%s|%b"
 # Allow streaming response
 # reference: https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_stream-response-bodyDetails
 server.stream-response-body = 1
 #ssl.read-ahead              = "disable"
 index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
 url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
 static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
 compress.cache-dir = "/var/cache/lighttpd/compress/"
 compress.filetype  = (
    "application/json",
    "application/vnd.ms-fontobject",
    "application/xml",
    "font/eot",
    "font/opentype",
    "font/otf",
    "font/ttf",
    "image/bmp",
    "image/svg+xml",
    "image/vnd.microsoft.icon",
    "image/x-icon",
    "text/css",
    "text/html",
    "text/javascript",
    "text/plain",
    "text/xml"
 )
 mimetype.assign = (
    ".ico"   => "image/x-icon",
    ".jpeg"  => "image/jpeg",
@@ -82,6 +66,10 @@ mimetype.assign = (
    ".woff2" => "font/woff2"
 )
 # Add user chosen options held in external file
 # This uses include_shell instead of an include wildcard for compatibility
 include_shell "cat external.conf 2>/dev/null"
 # default listening port for IPv6 falls back to the IPv4 port
 #include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
 #include_shell "/usr/share/lighttpd/create-mime.assign.pl"
@@ -103,11 +91,6 @@ $HTTP["url"] =~ "^/admin/" {
        "X-Pi-hole" => "The Pi-hole Web interface is working!",
        "X-Frame-Options" => "DENY"
    )
    $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" {
        # Allow Block Page access to local fonts
        setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
    }
 }
 # Block . files from being served, such as .git, .github, .gitignore
@@ -115,9 +98,12 @@ $HTTP["url"] =~ "^/admin/\.(.*)" {
    url.access-deny = ("")
 }
 # allow teleporter and API qr code iframe on settings page
 $HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
    $HTTP["referer"] =~ "/admin/settings\.php" {
        setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
    }
 }
 # Default expire header
 expire.url = ( "" => "access plus 0 seconds" )
 # Add user chosen options held in external file
 # This uses include_shell instead of an include wildcard for compatibility
 include_shell "cat external.conf 2>/dev/null"
--- a/install/basic-install.sh
+++ b/install/basic-install.sh
--- a/install/uninstall.sh
+++ b/install/uninstall.sh
@@ -31,7 +31,7 @@ else
    else
        echo -e "  ${CROSS} ${str}
            Script called with non-root privileges
-            The Pi-hole requires elevated privleges to uninstall"
+            The Pi-hole requires elevated privileges to uninstall"
        exit 1
    fi
 fi
@@ -42,8 +42,8 @@ source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
 # setupVars set in basic-install.sh
 source "${setupVars}"
-# distro_check() sourced from basic-install.sh
+# package_manager_detect() sourced from basic-install.sh
-distro_check
+package_manager_detect
 # Install packages used by the Pi-hole
 DEPS=("${INSTALLER_DEPS[@]}" "${PIHOLE_DEPS[@]}")
@@ -145,6 +145,7 @@ removeNoPurge() {
    ${SUDO} rm -f /etc/dnsmasq.d/adList.conf &> /dev/null
    ${SUDO} rm -f /etc/dnsmasq.d/01-pihole.conf &> /dev/null
    ${SUDO} rm -f /etc/dnsmasq.d/06-rfc6761.conf &> /dev/null
    ${SUDO} rm -rf /var/log/*pihole* &> /dev/null
    ${SUDO} rm -rf /etc/pihole/ &> /dev/null
    ${SUDO} rm -rf /etc/.pihole/ &> /dev/null
@@ -206,11 +207,7 @@ removeNoPurge() {
 }
 ######### SCRIPT ###########
 if command -v vcgencmd &> /dev/null; then
    echo -e "  ${INFO} All dependencies are safe to remove on Raspbian"
 else
 echo -e "  ${INFO} Be sure to confirm if any dependencies should not be removed"
 fi
 while true; do
    echo -e "  ${INFO} ${COL_YELLOW}The following dependencies may have been added by the Pi-hole install:"
    echo -n "    "
--- a/1
+++ b/1
@@ -1 +0,0 @@
 py.test -v -f test/
--- a/gravity.sh
+++ b/gravity.sh
@@ -15,8 +15,6 @@ export LC_ALL=C
 coltable="/opt/pihole/COL_TABLE"
 source "${coltable}"
 regexconverter="/opt/pihole/wildcard_regex_converter.sh"
 source "${regexconverter}"
 # shellcheck disable=SC1091
 source "/etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh"
@@ -35,11 +33,11 @@ localList="${piholeDir}/local.list"
 VPNList="/etc/openvpn/ipp.txt"
 piholeGitDir="/etc/.pihole"
-gravityDBfile="${piholeDir}/gravity.db"
+gravityDBfile_default="${piholeDir}/gravity.db"
-gravityTEMPfile="${piholeDir}/gravity_temp.db"
+# GRAVITYDB may be overwritten by source pihole-FTL.conf below
 GRAVITYDB="${gravityDBfile_default}"
 gravityDBschema="${piholeGitDir}/advanced/Templates/gravity.db.sql"
 gravityDBcopy="${piholeGitDir}/advanced/Templates/gravity_copy.sql"
 optimize_database=false
 domainsExtension="domains"
@@ -47,16 +45,6 @@ domainsExtension="domains"
 setupVars="${piholeDir}/setupVars.conf"
 if [[ -f "${setupVars}" ]];then
  source "${setupVars}"
  # Remove CIDR mask from IPv4/6 addresses
  IPV4_ADDRESS="${IPV4_ADDRESS%/*}"
  IPV6_ADDRESS="${IPV6_ADDRESS%/*}"
  # Determine if IPv4/6 addresses exist
  if [[ -z "${IPV4_ADDRESS}" ]] && [[ -z "${IPV6_ADDRESS}" ]]; then
    echo -e "  ${COL_LIGHT_RED}No IP addresses found! Please run 'pihole -r' to reconfigure${COL_NC}"
    exit 1
  fi
 else
  echo -e "  ${COL_LIGHT_RED}Installation Failure: ${setupVars} does not exist! ${COL_NC}
  Please run 'pihole -r', and choose the 'reconfigure' option to fix."
@@ -69,6 +57,13 @@ if [[ -f "${pihole_FTL}" ]]; then
  source "${pihole_FTL}"
 fi
 # Set this only after sourcing pihole-FTL.conf as the gravity database path may
 # have changed
 gravityDBfile="${GRAVITYDB}"
 gravityTEMPfile="${GRAVITYDB}_temp"
 gravityDIR="$(dirname -- "${gravityDBfile}")"
 gravityOLDfile="${gravityDIR}/gravity_old.db"
 if [[ -z "${BLOCKINGMODE}" ]] ; then
  BLOCKINGMODE="NULL"
 fi
@@ -78,19 +73,24 @@ if [[ -r "${piholeDir}/pihole.conf" ]]; then
  echo -e "  ${COL_LIGHT_RED}Ignoring overrides specified within pihole.conf! ${COL_NC}"
 fi
-# Generate new sqlite3 file from schema template
+# Generate new SQLite3 file from schema template
 generate_gravity_database() {
-  sqlite3 "${1}" < "${gravityDBschema}"
+  if ! pihole-FTL sqlite3 "${gravityDBfile}" < "${gravityDBschema}"; then
    echo -e "   ${CROSS} Unable to create ${gravityDBfile}"
    return 1
  fi
  chown pihole:pihole "${gravityDBfile}"
  chmod g+w "${piholeDir}" "${gravityDBfile}"
 }
 # Copy data from old to new database file and swap them
 gravity_swap_databases() {
-  local str
+  local str copyGravity oldAvail
  str="Building tree"
  echo -ne "  ${INFO} ${str}..."
-  # The index is intentionally not UNIQUE as prro quality adlists may contain domains more than once
+  # The index is intentionally not UNIQUE as poor quality adlists may contain domains more than once
-  output=$( { sqlite3 "${gravityTEMPfile}" "CREATE INDEX idx_gravity ON gravity (domain, adlist_id);"; } 2>&1 )
+  output=$( { pihole-FTL sqlite3 "${gravityTEMPfile}" "CREATE INDEX idx_gravity ON gravity (domain, adlist_id);"; } 2>&1 )
  status="$?"
  if [[ "${status}" -ne 0 ]]; then
@@ -102,23 +102,31 @@ gravity_swap_databases() {
  str="Swapping databases"
  echo -ne "  ${INFO} ${str}..."
-  output=$( { sqlite3 "${gravityTEMPfile}" < "${gravityDBcopy}"; } 2>&1 )
+  # Swap databases and remove or conditionally rename old database
-  status="$?"
+  # Number of available blocks on disk
-
+  availableBlocks=$(stat -f --format "%a" "${gravityDIR}")
-  if [[ "${status}" -ne 0 ]]; then
+  # Number of blocks, used by gravity.db
-    echo -e "\\n  ${CROSS} Unable to copy data from ${gravityDBfile} to ${gravityTEMPfile}\\n  ${output}"
+  gravityBlocks=$(stat --format "%b" ${gravityDBfile})
-    return 1
+  # Only keep the old database if available disk space is at least twice the size of the existing gravity.db.
  # Better be safe than sorry...
  oldAvail=false
  if [ "${availableBlocks}" -gt "$((gravityBlocks * 2))" ] && [ -f "${gravityDBfile}" ]; then
    oldAvail=true
    mv "${gravityDBfile}" "${gravityOLDfile}"
  else
    rm "${gravityDBfile}"
  fi
  mv "${gravityTEMPfile}" "${gravityDBfile}"
  echo -e "${OVER}  ${TICK} ${str}"
-  # Swap databases and remove old database
+  if $oldAvail; then
-  rm "${gravityDBfile}"
+    echo -e "  ${TICK} The old database remains available."
-  mv "${gravityTEMPfile}" "${gravityDBfile}"
+  fi
 }
 # Update timestamp when the gravity table was last updated successfully
 update_gravity_timestamp() {
-  output=$( { printf ".timeout 30000\\nINSERT OR REPLACE INTO info (property,value) values ('updated',cast(strftime('%%s', 'now') as int));" | sqlite3 "${gravityDBfile}"; } 2>&1 )
+  output=$( { printf ".timeout 30000\\nINSERT OR REPLACE INTO info (property,value) values ('updated',cast(strftime('%%s', 'now') as int));" | pihole-FTL sqlite3 "${gravityDBfile}"; } 2>&1 )
  status="$?"
  if [[ "${status}" -ne 0 ]]; then
@@ -159,7 +167,7 @@ database_table_from_file() {
  # Get MAX(id) from domainlist when INSERTing into this table
  if [[ "${table}" == "domainlist" ]]; then
-    rowid="$(sqlite3 "${gravityDBfile}" "SELECT MAX(id) FROM domainlist;")"
+    rowid="$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT MAX(id) FROM domainlist;")"
    if [[ -z "$rowid" ]]; then
      rowid=0
    fi
@@ -177,7 +185,7 @@ database_table_from_file() {
        echo "${rowid},\"${domain}\",${timestamp}" >> "${tmpFile}"
      elif [[ "${table}" == "adlist" ]]; then
        # Adlist table format
-        echo "${rowid},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${source}\"" >> "${tmpFile}"
+        echo "${rowid},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${source}\",,0,0,0" >> "${tmpFile}"
      else
        # White-, black-, and regexlist table format
        echo "${rowid},${type},\"${domain}\",1,${timestamp},${timestamp},\"Migrated from ${source}\"" >> "${tmpFile}"
@@ -189,7 +197,7 @@ database_table_from_file() {
  # Store domains in database table specified by ${table}
  # Use printf as .mode and .import need to be on separate lines
  # see https://unix.stackexchange.com/a/445615/83260
-  output=$( { printf ".timeout 30000\\n.mode csv\\n.import \"%s\" %s\\n" "${tmpFile}" "${table}" | sqlite3 "${gravityDBfile}"; } 2>&1 )
+  output=$( { printf ".timeout 30000\\n.mode csv\\n.import \"%s\" %s\\n" "${tmpFile}" "${table}" | pihole-FTL sqlite3 "${gravityDBfile}"; } 2>&1 )
  status="$?"
  if [[ "${status}" -ne 0 ]]; then
@@ -207,13 +215,69 @@ database_table_from_file() {
    echo -e "  ${CROSS} Unable to remove ${tmpFile}"
 }
 # Update timestamp of last update of this list. We store this in the "old" database as all values in the new database will later be overwritten
 database_adlist_updated() {
  output=$( { printf ".timeout 30000\\nUPDATE adlist SET date_updated = (cast(strftime('%%s', 'now') as int)) WHERE id = %i;\\n" "${1}" | pihole-FTL sqlite3 "${gravityDBfile}"; } 2>&1 )
  status="$?"
  if [[ "${status}" -ne 0 ]]; then
    echo -e "\\n  ${CROSS} Unable to update timestamp of adlist with ID ${1} in database ${gravityDBfile}\\n  ${output}"
    gravity_Cleanup "error"
  fi
 }
 # Check if a column with name ${2} exists in gravity table with name ${1}
 gravity_column_exists() {
  output=$( { printf ".timeout 30000\\nSELECT EXISTS(SELECT * FROM pragma_table_info('%s') WHERE name='%s');\\n" "${1}" "${2}" | pihole-FTL sqlite3 "${gravityDBfile}"; } 2>&1 )
  if [[ "${output}" == "1" ]]; then
    return 0 # Bash 0 is success
  fi
  return 1 # Bash non-0 is failure
 }
 # Update number of domain on this list. We store this in the "old" database as all values in the new database will later be overwritten
 database_adlist_number() {
  # Only try to set number of domains when this field exists in the gravity database
  if ! gravity_column_exists "adlist" "number"; then
    return;
  fi
  output=$( { printf ".timeout 30000\\nUPDATE adlist SET number = %i, invalid_domains = %i WHERE id = %i;\\n" "${num_source_lines}" "${num_invalid}" "${1}" | pihole-FTL sqlite3 "${gravityDBfile}"; } 2>&1 )
  status="$?"
  if [[ "${status}" -ne 0 ]]; then
    echo -e "\\n  ${CROSS} Unable to update number of domains in adlist with ID ${1} in database ${gravityDBfile}\\n  ${output}"
    gravity_Cleanup "error"
  fi
 }
 # Update status of this list. We store this in the "old" database as all values in the new database will later be overwritten
 database_adlist_status() {
  # Only try to set the status when this field exists in the gravity database
  if ! gravity_column_exists "adlist" "status"; then
    return;
  fi
  output=$( { printf ".timeout 30000\\nUPDATE adlist SET status = %i WHERE id = %i;\\n" "${2}" "${1}" | pihole-FTL sqlite3 "${gravityDBfile}"; } 2>&1 )
  status="$?"
  if [[ "${status}" -ne 0 ]]; then
    echo -e "\\n  ${CROSS} Unable to update status of adlist with ID ${1} in database ${gravityDBfile}\\n  ${output}"
    gravity_Cleanup "error"
  fi
 }
 # Migrate pre-v5.0 list files to database-based Pi-hole versions
 migrate_to_database() {
  # Create database file only if not present
  if [ ! -e "${gravityDBfile}" ]; then
    # Create new database file - note that this will be created in version 1
    echo -e "  ${INFO} Creating new gravity database"
-    generate_gravity_database "${gravityDBfile}"
+    if ! generate_gravity_database; then
      echo -e "   ${CROSS} Error creating new gravity database. Please contact support."
      return 1
    fi
    # Check if gravity database needs to be updated
    upgrade_gravityDB "${gravityDBfile}" "${piholeDir}"
@@ -307,10 +371,14 @@ gravity_CheckDNSResolutionAvailable() {
 gravity_DownloadBlocklists() {
  echo -e "  ${INFO} ${COL_BOLD}Neutrino emissions detected${COL_NC}..."
  if [[ "${gravityDBfile}" != "${gravityDBfile_default}" ]]; then
    echo -e "  ${INFO} Storing gravity database in ${COL_BOLD}${gravityDBfile}${COL_NC}"
  fi
  # Retrieve source URLs from gravity database
-  # We source only enabled adlists, sqlite3 stores boolean values as 0 (false) or 1 (true)
+  # We source only enabled adlists, SQLite3 stores boolean values as 0 (false) or 1 (true)
-  mapfile -t sources <<< "$(sqlite3 "${gravityDBfile}" "SELECT address FROM vw_adlist;" 2> /dev/null)"
+  mapfile -t sources <<< "$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT address FROM vw_adlist;" 2> /dev/null)"
-  mapfile -t sourceIDs <<< "$(sqlite3 "${gravityDBfile}" "SELECT id FROM vw_adlist;" 2> /dev/null)"
+  mapfile -t sourceIDs <<< "$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT id FROM vw_adlist;" 2> /dev/null)"
  # Parse source domains from $sources
  mapfile -t sourceDomains <<< "$(
@@ -324,14 +392,12 @@ gravity_DownloadBlocklists() {
  )"
  local str="Pulling blocklist source list into range"
  if [[ -n "${sources[*]}" ]] && [[ -n "${sourceDomains[*]}" ]]; then
  echo -e "${OVER}  ${TICK} ${str}"
-  else
+
-    echo -e "${OVER}  ${CROSS} ${str}"
+  if [[ -z "${sources[*]}" ]] || [[ -z "${sourceDomains[*]}" ]]; then
    echo -e "  ${INFO} No source list found, or it is empty"
    echo ""
-    return 1
+    unset sources
  fi
  local url domain agent cmd_ext str target compression
@@ -341,7 +407,7 @@ gravity_DownloadBlocklists() {
  str="Preparing new gravity database"
  echo -ne "  ${INFO} ${str}..."
  rm "${gravityTEMPfile}" > /dev/null 2>&1
-  output=$( { sqlite3 "${gravityTEMPfile}" < "${gravityDBschema}"; } 2>&1 )
+  output=$( { pihole-FTL sqlite3 "${gravityTEMPfile}" < "${gravityDBschema}"; } 2>&1 )
  status="$?"
  if [[ "${status}" -ne 0 ]]; then
@@ -353,7 +419,7 @@ gravity_DownloadBlocklists() {
  target="$(mktemp -p "/tmp" --suffix=".gravity")"
-  # Use compression to reduce the amount of data that is transfered
+  # Use compression to reduce the amount of data that is transferred
  # between the Pi-hole and the ad list provider. Use this feature
  # only if it is supported by the locally available version of curl
  if curl -V | grep -q "Features:.* libz"; then
@@ -383,10 +449,15 @@ gravity_DownloadBlocklists() {
    esac
    echo -e "  ${INFO} Target: ${url}"
-    local regex
+    local regex check_url
    # Check for characters NOT allowed in URLs
    regex="[^a-zA-Z0-9:/?&%=~._()-;]"
-    if [[ "${url}" =~ ${regex} ]]; then
+
    # this will remove first @ that is after schema and before domain
    # \1 is optional schema, \2 is userinfo
    check_url="$( sed -re 's#([^:/]*://)?([^/]+)@#\1\2#' <<< "$url" )"
    if [[ "${check_url}" =~ ${regex} ]]; then
      echo -e "  ${CROSS} Invalid Target"
    else
      gravity_DownloadBlocklistFromUrl "${url}" "${cmd_ext}" "${agent}" "${sourceIDs[$i]}" "${saveLocation}" "${target}" "${compression}"
@@ -394,9 +465,28 @@ gravity_DownloadBlocklists() {
    echo ""
  done
  str="Creating new gravity databases"
  echo -ne "  ${INFO} ${str}..."
  # Gravity copying SQL script
  copyGravity="$(cat "${gravityDBcopy}")"
  if [[ "${gravityDBfile}" != "${gravityDBfile_default}" ]]; then
    # Replace default gravity script location by custom location
    copyGravity="${copyGravity//"${gravityDBfile_default}"/"${gravityDBfile}"}"
  fi
  output=$( { pihole-FTL sqlite3 "${gravityTEMPfile}" <<< "${copyGravity}"; } 2>&1 )
  status="$?"
  if [[ "${status}" -ne 0 ]]; then
    echo -e "\\n  ${CROSS} Unable to copy data from ${gravityDBfile} to ${gravityTEMPfile}\\n  ${output}"
    return 1
  fi
  echo -e "${OVER}  ${TICK} ${str}"
  str="Storing downloaded domains in new gravity database"
  echo -ne "  ${INFO} ${str}..."
-  output=$( { printf ".timeout 30000\\n.mode csv\\n.import \"%s\" gravity\\n" "${target}" | sqlite3 "${gravityTEMPfile}"; } 2>&1 )
+  output=$( { printf ".timeout 30000\\n.mode csv\\n.import \"%s\" gravity\\n" "${target}" | pihole-FTL sqlite3 "${gravityTEMPfile}"; } 2>&1 )
  status="$?"
  if [[ "${status}" -ne 0 ]]; then
@@ -428,7 +518,10 @@ gravity_DownloadBlocklists() {
  gravity_Blackbody=true
 }
-total_num=0
+# num_target_lines does increase for every correctly added domain in pareseList()
 num_target_lines=0
 num_source_lines=0
 num_invalid=0
 parseList() {
  local adlistID="${1}" src="${2}" target="${3}" incorrect_lines
  # This sed does the following things:
@@ -439,18 +532,20 @@ parseList() {
  # Find (up to) five domains containing invalid characters (see above)
  incorrect_lines="$(sed -e "/[^a-zA-Z0-9.\_-]/!d" "${src}" | head -n 5)"
-  local num_lines num_target_lines num_correct_lines num_invalid
+  local num_target_lines_new num_correct_lines
  # Get number of lines in source file
-  num_lines="$(grep -c "^" "${src}")"
+  num_source_lines="$(grep -c "^" "${src}")"
-  # Get number of lines in destination file
+  # Get the new number of lines in destination file
-  num_target_lines="$(grep -c "^" "${target}")"
+  num_target_lines_new="$(grep -c "^" "${target}")"
-  num_correct_lines="$(( num_target_lines-total_num ))"
+  # Number of new correctly added lines
-  total_num="$num_target_lines"
+  num_correct_lines="$(( num_target_lines_new-num_target_lines ))"
-  num_invalid="$(( num_lines-num_correct_lines ))"
+  # Upate number of lines in target file
  num_target_lines="$num_target_lines_new"
  num_invalid="$(( num_source_lines-num_correct_lines ))"
  if [[ "${num_invalid}" -eq 0 ]]; then
-    echo "  ${INFO} Received ${num_lines} domains"
+    echo "  ${INFO} Analyzed ${num_source_lines} domains"
  else
-    echo "  ${INFO} Received ${num_lines} domains, ${num_invalid} domains invalid!"
+    echo "  ${INFO} Analyzed ${num_source_lines} domains, ${num_invalid} domains invalid!"
  fi
  # Display sample of invalid lines if we found some
@@ -461,11 +556,34 @@ parseList() {
    done <<< "${incorrect_lines}"
  fi
 }
 compareLists() {
  local adlistID="${1}" target="${2}"
  # Verify checksum when an older checksum exists
  if [[ -s "${target}.sha1" ]]; then
    if ! sha1sum --check --status --strict "${target}.sha1"; then
      # The list changed upstream, we need to update the checksum
      sha1sum "${target}" > "${target}.sha1"
      echo "  ${INFO} List has been updated"
      database_adlist_status "${adlistID}" "1"
      database_adlist_updated "${adlistID}"
    else
      echo "  ${INFO} List stayed unchanged"
      database_adlist_status "${adlistID}" "2"
    fi
  else
    # No checksum available, create one for comparing on the next run
    sha1sum "${target}" > "${target}.sha1"
    # We assume here it was changed upstream
    database_adlist_status "${adlistID}" "1"
    database_adlist_updated "${adlistID}"
  fi
 }
 # Download specified URL and perform checks on HTTP status and file content
 gravity_DownloadBlocklistFromUrl() {
  local url="${1}" cmd_ext="${2}" agent="${3}" adlistID="${4}" saveLocation="${5}" target="${6}" compression="${7}"
-  local heisenbergCompensator="" patternBuffer str httpCode success=""
+  local heisenbergCompensator="" patternBuffer str httpCode success="" ip
  # Create temp file to store content on disk instead of RAM
  patternBuffer=$(mktemp -p "/tmp" --suffix=".phgpb")
@@ -483,13 +601,20 @@ gravity_DownloadBlocklistFromUrl() {
  blocked=false
  case $BLOCKINGMODE in
    "IP-NODATA-AAAA"|"IP")
-        if [[ $(dig "${domain}" +short | grep "${IPV4_ADDRESS}" -c) -ge 1 ]]; then
+      # Get IP address of this domain
      ip="$(dig "${domain}" +short)"
      # Check if this IP matches any IP of the system
      if [[ -n "${ip}" && $(grep -Ec "inet(|6) ${ip}" <<< "$(ip a)") -gt 0 ]]; then
        blocked=true
      fi;;
    "NXDOMAIN")
      if [[ $(dig "${domain}" | grep "NXDOMAIN" -c) -ge 1 ]]; then
        blocked=true
      fi;;
    "NODATA")
      if [[ $(dig "${domain}" | grep "NOERROR" -c) -ge 1 ]] && [[ -z $(dig +short "${domain}") ]]; then
         blocked=true
      fi;;
    "NULL"|*)
      if [[ $(dig "${domain}" +short | grep "0.0.0.0" -c) -ge 1 ]]; then
        blocked=true
@@ -544,29 +669,49 @@ gravity_DownloadBlocklistFromUrl() {
      esac;;
  esac
  local done="false"
  # Determine if the blocklist was downloaded and saved correctly
  if [[ "${success}" == true ]]; then
    if [[ "${httpCode}" == "304" ]]; then
      # Add domains to database table file
      parseList "${adlistID}" "${saveLocation}" "${target}"
      database_adlist_status "${adlistID}" "2"
      database_adlist_number "${adlistID}"
      done="true"
    # Check if $patternbuffer is a non-zero length file
    elif [[ -s "${patternBuffer}" ]]; then
      # Determine if blocklist is non-standard and parse as appropriate
      gravity_ParseFileIntoDomains "${patternBuffer}" "${saveLocation}"
      # Add domains to database table file
      parseList "${adlistID}" "${saveLocation}" "${target}"
      # Compare lists, are they identical?
      compareLists "${adlistID}" "${saveLocation}"
      # Update gravity database table (status and updated timestamp are set in
      # compareLists)
      database_adlist_number "${adlistID}"
      done="true"
    else
      # Fall back to previously cached list if $patternBuffer is empty
-      echo -e "  ${INFO} Received empty file: ${COL_LIGHT_GREEN}using previously cached list${COL_NC}"
+      echo -e "  ${INFO} Received empty file"
    fi
-  else
+  fi
  # Do we need to fall back to a cached list (if available)?
  if [[ "${done}" != "true" ]]; then
    # Determine if cached list has read permission
    if [[ -r "${saveLocation}" ]]; then
      echo -e "  ${CROSS} List download failed: ${COL_LIGHT_GREEN}using previously cached list${COL_NC}"
      # Add domains to database table file
      parseList "${adlistID}" "${saveLocation}" "${target}"
      database_adlist_number "${adlistID}"
      database_adlist_status "${adlistID}" "3"
    else
      echo -e "  ${CROSS} List download failed: ${COL_LIGHT_RED}no cached list available${COL_NC}"
      # Manually reset these two numbers because we do not call parseList here
      num_source_lines=0
      num_invalid=0
      database_adlist_number "${adlistID}"
      database_adlist_status "${adlistID}" "4"
    fi
  fi
 }
@@ -578,7 +723,7 @@ gravity_ParseFileIntoDomains() {
  # Determine if we are parsing a consolidated list
  #if [[ "${source}" == "${piholeDir}/${matterAndLight}" ]]; then
    # Remove comments and print only the domain name
-    # Most of the lists downloaded are already in hosts file format but the spacing/formating is not contiguous
+    # Most of the lists downloaded are already in hosts file format but the spacing/formatting is not contiguous
    # This helps with that and makes it easier to read
    # It also helps with debugging so each stage of the script can be researched more in depth
    # 1) Remove carriage returns
@@ -646,12 +791,12 @@ gravity_Table_Count() {
  local table="${1}"
  local str="${2}"
  local num
-  num="$(sqlite3 "${gravityDBfile}" "SELECT COUNT(*) FROM ${table};")"
+  num="$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT COUNT(*) FROM ${table};")"
  if [[ "${table}" == "vw_gravity" ]]; then
    local unique
-    unique="$(sqlite3 "${gravityDBfile}" "SELECT COUNT(DISTINCT domain) FROM ${table};")"
+    unique="$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT COUNT(DISTINCT domain) FROM ${table};")"
    echo -e "  ${INFO} Number of ${str}: ${num} (${COL_BOLD}${unique} unique domains${COL_NC})"
-    sqlite3 "${gravityDBfile}" "INSERT OR REPLACE INTO info (property,value) VALUES ('gravity_count',${unique});"
+    pihole-FTL sqlite3 "${gravityDBfile}" "INSERT OR REPLACE INTO info (property,value) VALUES ('gravity_count',${unique});"
  else
    echo -e "  ${INFO} Number of ${str}: ${num}"
  fi
@@ -666,43 +811,12 @@ gravity_ShowCount() {
  gravity_Table_Count "vw_regex_whitelist" "regex whitelist filters"
 }
 # Parse list of domains into hosts format
 gravity_ParseDomainsIntoHosts() {
  awk -v ipv4="$IPV4_ADDRESS" -v ipv6="$IPV6_ADDRESS" '{
    # Remove windows CR line endings
    sub(/\r$/, "")
    # Parse each line as "ipaddr domain"
    if(ipv6 && ipv4) {
      print ipv4" "$0"\n"ipv6" "$0
    } else if(!ipv6) {
      print ipv4" "$0
    } else {
      print ipv6" "$0
    }
  }' >> "${2}" < "${1}"
 }
 # Create "localhost" entries into hosts format
 gravity_generateLocalList() {
  local hostname
  if [[ -s "/etc/hostname" ]]; then
    hostname=$(< "/etc/hostname")
  elif command -v hostname &> /dev/null; then
    hostname=$(hostname -f)
  else
    echo -e "  ${CROSS} Unable to determine fully qualified domain name of host"
    return 0
  fi
  echo -e "${hostname}\\npi.hole" > "${localList}.tmp"
  # Empty $localList if it already exists, otherwise, create it
-  : > "${localList}"
+  echo "### Do not modify this file, it will be overwritten by pihole -g" > "${localList}"
  chmod 644 "${localList}"
  gravity_ParseDomainsIntoHosts "${localList}.tmp" "${localList}"
  # Add additional LAN hosts provided by OpenVPN (if available)
  if [[ -f "${VPNList}" ]]; then
    awk -F, '{printf $2"\t"$1".vpn\n"}' "${VPNList}" >> "${localList}"
@@ -740,21 +854,6 @@ gravity_Cleanup() {
  echo -e "${OVER}  ${TICK} ${str}"
  if ${optimize_database} ; then
    str="Optimizing domains database"
    echo -ne "  ${INFO} ${str}..."
    # Run VACUUM command on database to optimize it
    output=$( { sqlite3 "${gravityDBfile}" "VACUUM;"; } 2>&1 )
    status="$?"
    if [[ "${status}" -ne 0 ]]; then
      echo -e "\\n  ${CROSS} Unable to optimize gravity database ${gravityDBfile}\\n  ${output}"
      error="error"
    else
      echo -e "${OVER}  ${TICK} ${str}"
    fi
  fi
  # Only restart DNS service if offline
  if ! pgrep pihole-FTL &> /dev/null; then
    "${PIHOLE_COMMAND}" restartdns
@@ -768,6 +867,49 @@ gravity_Cleanup() {
  fi
 }
 database_recovery() {
  local result
  local str="Checking integrity of existing gravity database"
  local option="${1}"
  echo -ne "  ${INFO} ${str}..."
  if result="$(pihole-FTL sqlite3 "${gravityDBfile}" "PRAGMA integrity_check" 2>&1)"; then
    echo -e "${OVER}  ${TICK} ${str} - no errors found"
    str="Checking foreign keys of existing gravity database"
    echo -ne "  ${INFO} ${str}..."
    if result="$(pihole-FTL sqlite3 "${gravityDBfile}" "PRAGMA foreign_key_check" 2>&1)"; then
      echo -e "${OVER}  ${TICK} ${str} - no errors found"
      if [[ "${option}" != "force" ]]; then
        return
      fi
    else
      echo -e "${OVER}  ${CROSS} ${str} - errors found:"
      while IFS= read -r line ; do echo "  - $line"; done <<< "$result"
    fi
  else
    echo -e "${OVER}  ${CROSS} ${str} - errors found:"
    while IFS= read -r line ; do echo "  - $line"; done <<< "$result"
  fi
  str="Trying to recover existing gravity database"
  echo -ne "  ${INFO} ${str}..."
  # We have to remove any possibly existing recovery database or this will fail
  rm -f "${gravityDBfile}.recovered" > /dev/null 2>&1
  if result="$(pihole-FTL sqlite3 "${gravityDBfile}" ".recover" | pihole-FTL sqlite3 "${gravityDBfile}.recovered" 2>&1)"; then
    echo -e "${OVER}  ${TICK} ${str} - success"
    mv "${gravityDBfile}" "${gravityDBfile}.old"
    mv "${gravityDBfile}.recovered" "${gravityDBfile}"
    echo -ne " ${INFO} ${gravityDBfile} has been recovered"
    echo -ne " ${INFO} The old ${gravityDBfile} has been moved to ${gravityDBfile}.old"
  else
    echo -e "${OVER}  ${CROSS} ${str} - the following errors happened:"
    while IFS= read -r line ; do echo "  - $line"; done <<< "$result"
    echo -e "  ${CROSS} Recovery failed. Try \"pihole -r recreate\" instead."
    exit 1
  fi
  echo ""
 }
 helpFunc() {
  echo "Usage: pihole -g
 Update domains from blocklists specified in adlists.list
@@ -778,20 +920,51 @@ Options:
  exit 0
 }
 repairSelector() {
  case "$1" in
    "recover") recover_database=true;;
    "recreate") recreate_database=true;;
    *) echo "Usage: pihole -g -r {recover,recreate}
 Attempt to repair gravity database
 Available options:
  pihole -g -r recover        Try to recover a damaged gravity database file.
                              Pi-hole tries to restore as much as possible
                              from a corrupted gravity database.
  pihole -g -r recover force  Pi-hole will run the recovery process even when
                              no damage is detected. This option is meant to be
                              a last resort. Recovery is a fragile task
                              consuming a lot of resources and shouldn't be
                              performed unnecessarily.
  pihole -g -r recreate       Create a new gravity database file from scratch.
                              This will remove your existing gravity database
                              and create a new file from scratch. If you still
                              have the migration backup created when migrating
                              to Pi-hole v5.0, Pi-hole will import these files."
    exit 0;;
  esac
 }
 for var in "$@"; do
  case "${var}" in
    "-f" | "--force" ) forceDelete=true;;
-    "-o" | "--optimize" ) optimize_database=true;;
+    "-r" | "--repair" ) repairSelector "$3";;
    "-r" | "--recreate" ) recreate_database=true;;
    "-h" | "--help" ) helpFunc;;
  esac
 done
 # Remove OLD (backup) gravity file, if it exists
 if [[ -f "${gravityOLDfile}" ]]; then
  rm "${gravityOLDfile}"
 fi
 # Trap Ctrl-C
 gravity_Trap
 if [[ "${recreate_database:-}" == true ]]; then
-  str="Restoring from migration backup"
+  str="Recreating gravity database from migration backup"
  echo -ne "${INFO} ${str}..."
  rm "${gravityDBfile}"
  pushd "${piholeDir}" > /dev/null || exit
@@ -800,8 +973,15 @@ if [[ "${recreate_database:-}" == true ]]; then
  echo -e "${OVER}  ${TICK} ${str}"
 fi
 if [[ "${recover_database:-}" == true ]]; then
  database_recovery "$4"
 fi
 # Move possibly existing legacy files to the gravity database
-migrate_to_database
+if ! migrate_to_database; then
  echo -e "   ${CROSS} Unable to migrate to database. Please contact support."
  exit 1
 fi
 if [[ "${forceDelete:-}" == true ]]; then
  str="Deleting existing list cache"
@@ -812,14 +992,21 @@ if [[ "${forceDelete:-}" == true ]]; then
 fi
 # Gravity downloads blocklists next
-gravity_CheckDNSResolutionAvailable
+if ! gravity_CheckDNSResolutionAvailable; then
  echo -e "   ${CROSS} Can not complete gravity update, no DNS is available. Please contact support."
  exit 1
 fi
 gravity_DownloadBlocklists
 # Create local.list
 gravity_generateLocalList
 # Migrate rest of the data from old to new database
-gravity_swap_databases
+if ! gravity_swap_databases; then
  echo -e "   ${CROSS} Unable to create database. Please contact support."
  exit 1
 fi
 # Update gravity timestamp
 update_gravity_timestamp
--- a/manpages/pihole-FTL.8
+++ b/manpages/pihole-FTL.8
@@ -1,4 +1,4 @@
-.TH "Pihole-FTL" "8" "pihole-FTL" "Pi-hole" "June 2018"
+.TH "Pihole-FTL" "8" "pihole-FTL" "Pi-hole" "November 2020"
 .SH "NAME"
 pihole-FTL - Pi-hole : The Faster-Than-Light (FTL) Engine
 .br
@@ -10,7 +10,7 @@ pihole-FTL - Pi-hole : The Faster-Than-Light (FTL) Engine
 .br
 \fBpihole-FTL test\fR
 .br
-\fBpihole-FTL -v\fR
+\fBpihole-FTL -v|-vv\fR
 .br
 \fBpihole-FTL -t\fR
 .br
@@ -22,6 +22,16 @@ pihole-FTL - Pi-hole : The Faster-Than-Light (FTL) Engine
 .br
 \fBpihole-FTL dnsmasq-test\fR
 .br
 \fBpihole-FTL regex-test str\fR
 .br
 \fBpihole-FTL regex-test str rgx\fR
 .br
 \fBpihole-FTL lua\fR
 .br
 \fBpihole-FTL luac\fR
 .br
 \fBpihole-FTL dhcp-discover\fR
 .br
 \fBpihole-FTL --\fR (\fBoptions\fR)
 .br
@@ -65,6 +75,11 @@ Command line arguments
    Don't start FTL, show only version
 .br
 \fB-vv\fR
 .br
    Don't start FTL, show verbose version information of embedded applications
 .br
 \fB-t, tag\fR
 .br
    Don't start FTL, show only git tag
@@ -90,6 +105,31 @@ Command line arguments
    Test resolver config file syntax
 .br
 \fBregex-test str\fR
 .br
    Test str against all regular expressions in the database
 .br
 \fBregex-test str rgx\fR
 .br
    Test str against regular expression given by rgx
 .br
 \fBlua\fR
 .br
    Start the embedded Lua interpreter
 .br
 \fBluac\fR
 .br
    Execute the embedded Lua compiler
 .br
 \fBdhcp-discover\fR
 .br
    Discover DHCP servers in the local network
 .br
 \fB--\fR  (options)
 .br
    Pass options to internal dnsmasq resolver
@@ -104,7 +144,9 @@ Command line arguments can be arbitrarily combined, e.g:
 Start ftl in foreground with more verbose logging, process everything and shutdown immediately
 .br
 .SH "SEE ALSO"
-\fBpihole\fR(8), \fBpihole-FTL.conf\fR(5)
+\fBpihole\fR(8)
 .br
 \fBFor FTL's config options please see https://docs.pi-hole.net/ftldns/configfile/\fR
 .br
 .SH "COLOPHON"
--- a/manpages/pihole-FTL.conf.5
+++ b/manpages/pihole-FTL.conf.5
@@ -1,104 +0,0 @@
 .TH "pihole-FTL.conf" "5" "pihole-FTL.conf" "pihole-FTL.conf" "June 2018"
 .SH "NAME"
 pihole-FTL.conf - FTL's config file
 .br
 .SH "DESCRIPTION"
 /etc/pihole/pihole-FTL.conf will be read by \fBpihole-FTL(8)\fR on startup.
 .br
 \fBSOCKET_LISTENING=localonly|all\fR
 .br
    Listen only for local socket connections or permit all connections
 .br
 \fBQUERY_DISPLAY=yes|no\fR
 .br
    Display all queries? Set to no to hide query display
 .br
 \fBAAAA_QUERY_ANALYSIS=yes|no\fR
 .br
    Allow FTL to analyze AAAA queries from pihole.log?
 .br
 \fBRESOLVE_IPV6=yes|no\fR
 .br
    Should FTL try to resolve IPv6 addresses to host names?
 .br
 \fBRESOLVE_IPV4=yes|no\fR
 .br
    Should FTL try to resolve IPv4 addresses to host names?
 .br
 \fBMAXDBDAYS=365\fR
 .br
    How long should queries be stored in the database?
 .br
    Setting this to 0 disables the database
 .br
 \fBDBINTERVAL=1.0\fR
 .br
    How often do we store queries in FTL's database [minutes]?
 .br
 \fBDBFILE=/etc/pihole/pihole-FTL.db\fR
 .br
    Specify path and filename of FTL's SQLite long-term database.
 .br
    Setting this to DBFILE= disables the database altogether
 .br
 \fBMAXLOGAGE=24.0\fR
 .br
    Up to how many hours of queries should be imported from the database and logs?
 .br
    Maximum is 744 (31 days)
 .br
 \fBFTLPORT=4711\fR
 .br
    On which port should FTL be listening?
 .br
 \fBPRIVACYLEVEL=0|1|2|3|4\fR
 .br
    Which privacy level is used?
 .br
    0 - show everything
 .br
    1 - hide domains
 .br
    2 - hide domains and clients
 .br
    3 - anonymous mode (hide everything)
 .br
    4 - disable all statistics
 .br
 \fBIGNORE_LOCALHOST=no|yes\fR
 .br
    Should FTL ignore queries coming from the local machine?
 .br
 \fBBLOCKINGMODE=IP|IP-AAAA-NODATA|NXDOMAIN|NULL\fR
 .br
    How should FTL reply to blocked queries?
 .br
 For each setting, the option shown first is the default.
 .br
 .SH "SEE ALSO"
 \fBpihole\fR(8), \fBpihole-FTL\fR(8)
 .br
 .SH "COLOPHON"
 Pi-hole : The Faster-Than-Light (FTL) Engine is a lightweight, purpose-built daemon used to provide statistics needed for the Pi-hole Web Interface, and its API can be easily integrated into your own projects. Although it is an optional component of the Pi-hole ecosystem, it will be installed by default to provide statistics. As the name implies, FTL does its work \fIvery quickly\fR!
 .br
 Get sucked into the latest news and community activity by entering Pi-hole's orbit. Information about Pi-hole, and the latest version of the software can be found at https://pi-hole.net
 .br
--- a/manpages/pihole.8
+++ b/manpages/pihole.8
@@ -56,7 +56,7 @@ Available commands and options:
 \fB-w, whitelist\fR [options] [<domain1> <domain2 ...>]
 .br
-    Adds or removes specified domain or domains tho the Whitelist
+    Adds or removes specified domain or domains to the Whitelist
 .br
 \fB-b, blacklist\fR [options] [<domain1> <domain2 ...>]
@@ -139,7 +139,7 @@ Available commands and options:
      -i, interface     Specify dnsmasq's interface listening behavior
 .br
      -l, privacylevel  <level> Set privacy level
-                        (0 = lowest, 4 = highest)
+                        (0 = lowest, 3 = highest)
 .br
 \fB-c, chronometer\fR	[options]
@@ -153,7 +153,7 @@ Available commands and options:
 .br
      -r, --refresh     Set update frequency (in seconds)
 .br
-      -e, --exit        Output stats and exit witout refreshing
+      -e, --exit        Output stats and exit without refreshing
 .br
 \fB-g, updateGravity\fR
--- a/156
+++ b/156
@@ -16,10 +16,14 @@ readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
 # error due to modifying a readonly variable.
 setupVars="/etc/pihole/setupVars.conf"
 PI_HOLE_BIN_DIR="/usr/local/bin"
 readonly FTL_PID_FILE="/run/pihole-FTL.pid"
 readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE"
 source "${colfile}"
 readonly utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
 source "${utilsfile}"
 webpageFunc() {
  source "${PI_HOLE_SCRIPT_DIR}/webpage.sh"
  main "$@"
@@ -70,8 +74,7 @@ reconfigurePiholeFunc() {
 }
 updateGravityFunc() {
-  "${PI_HOLE_SCRIPT_DIR}"/gravity.sh "$@"
+  exec "${PI_HOLE_SCRIPT_DIR}"/gravity.sh "$@"
  exit $?
 }
 queryFunc() {
@@ -94,12 +97,28 @@ uninstallFunc() {
 versionFunc() {
  shift
-  "${PI_HOLE_SCRIPT_DIR}"/version.sh "$@"
+  exec "${PI_HOLE_SCRIPT_DIR}"/version.sh "$@"
-  exit 0
+}
 # Get PID of main pihole-FTL process
 getFTLPID() {
  local pid
  if [ -s "${FTL_PID_FILE}" ]; then
    # -s: FILE exists and has a size greater than zero
    pid="$(<"$FTL_PID_FILE")"
    # Exploit prevention: unset the variable if there is malicious content
    # Verify that the value read from the file is numeric
    [[ "$pid" =~ [^[:digit:]] ]] && unset pid
  fi
  # If FTL is not running, or the PID file contains malicious stuff, substitute
  # negative PID to signal this to the caller
  echo "${pid:=-1}"
 }
 restartDNS() {
-  local svcOption svc str output status
+  local svcOption svc str output status pid icon
  svcOption="${1:-restart}"
  # Determine if we should reload or restart
@@ -108,17 +127,34 @@ restartDNS() {
    # Note 1: This will NOT re-read any *.conf files
    # Note 2: We cannot use killall here as it does
    #         not know about real-time signals
-    svc="pkill -RTMIN pihole-FTL"
+    pid="$(getFTLPID)"
    if [[ "$pid" -eq "-1" ]]; then
      svc="true"
      str="FTL is not running"
      icon="${INFO}"
    else
      svc="kill -RTMIN ${pid}"
      str="Reloading DNS lists"
      icon="${TICK}"
    fi
  elif [[ "${svcOption}" =~ "reload" ]]; then
    # Reloading of the DNS cache has been requested
    # Note: This will NOT re-read any *.conf files
-    svc="pkill -HUP pihole-FTL"
+    pid="$(getFTLPID)"
    if [[ "$pid" -eq "-1" ]]; then
      svc="true"
      str="FTL is not running"
      icon="${INFO}"
    else
      svc="kill -HUP ${pid}"
      str="Flushing DNS cache"
      icon="${TICK}"
    fi
  else
    # A full restart has been requested
    svc="service pihole-FTL restart"
    str="Restarting DNS server"
    icon="${TICK}"
  fi
  # Print output to Terminal, but not to Web Admin
@@ -128,7 +164,7 @@ restartDNS() {
  status="$?"
  if [[ "${status}" -eq 0 ]]; then
-    [[ -t 1 ]] && echo -e "${OVER}  ${TICK} ${str}"
+    [[ -t 1 ]] && echo -e "${OVER}  ${icon} ${str}"
    return 0
  else
    [[ ! -t 1 ]] && local OVER=""
@@ -190,8 +226,7 @@ Time:
      fi
      local str="Pi-hole Disabled"
-      sed -i "/BLOCKING_ENABLED=/d" "${setupVars}"
+      addOrEditKeyValPair "BLOCKING_ENABLED" "false" "${setupVars}"
      echo "BLOCKING_ENABLED=false" >> "${setupVars}"
    fi
  else
    # Enable Pi-hole
@@ -203,11 +238,10 @@ Time:
    echo -e "  ${INFO} Enabling blocking"
    local str="Pi-hole Enabled"
-    sed -i "/BLOCKING_ENABLED=/d" "${setupVars}"
+    addOrEditKeyValPair "BLOCKING_ENABLED" "true" "${setupVars}"
    echo "BLOCKING_ENABLED=true" >> "${setupVars}"
  fi
-  restartDNS reload
+  restartDNS reload-lists
  echo -e "${OVER}  ${TICK} ${str}"
 }
@@ -227,7 +261,7 @@ Options:
  elif [[ "${1}" == "off" ]]; then
    # Disable logging
    sed -i 's/^log-queries/#log-queries/' /etc/dnsmasq.d/01-pihole.conf
-    sed -i 's/^QUERY_LOGGING=true/QUERY_LOGGING=false/' /etc/pihole/setupVars.conf
+    addOrEditKeyValPair "QUERY_LOGGING" "false" "${setupVars}"
    if [[ "${2}" != "noflush" ]]; then
      # Flush logs
      "${PI_HOLE_BIN_DIR}"/pihole -f
@@ -237,7 +271,7 @@ Options:
  elif [[ "${1}" == "on" ]]; then
    # Enable logging
    sed -i 's/^#log-queries/log-queries/' /etc/dnsmasq.d/01-pihole.conf
-    sed -i 's/^QUERY_LOGGING=false/QUERY_LOGGING=true/' /etc/pihole/setupVars.conf
+    addOrEditKeyValPair "QUERY_LOGGING" "true" "${setupVars}"
    echo -e "  ${INFO} Enabling logging..."
    local str="Logging has been enabled!"
  else
@@ -250,27 +284,29 @@ Options:
 }
 analyze_ports() {
  local lv4 lv6 port=${1}
  # FTL is listening at least on at least one port when this
  # function is getting called
  echo -e "  ${TICK} DNS service is listening"
  # Check individual address family/protocol combinations
  # For a healthy Pi-hole, they should all be up (nothing printed)
-  if grep -q "IPv4.*UDP" <<< "${1}"; then
+  lv4="$(ss --ipv4 --listening --numeric --tcp --udp src :${port})"
  if grep -q "udp " <<< "${lv4}"; then
      echo -e "     ${TICK} UDP (IPv4)"
  else
      echo -e "     ${CROSS} UDP (IPv4)"
  fi
-  if grep -q "IPv4.*TCP" <<< "${1}"; then
+  if grep -q "tcp " <<< "${lv4}"; then
      echo -e "     ${TICK} TCP (IPv4)"
  else
      echo -e "     ${CROSS} TCP (IPv4)"
  fi
-  if grep -q "IPv6.*UDP" <<< "${1}"; then
+  lv6="$(ss --ipv6 --listening --numeric --tcp --udp src :${port})"
  if grep -q "udp " <<< "${lv6}"; then
      echo -e "     ${TICK} UDP (IPv6)"
  else
      echo -e "     ${CROSS} UDP (IPv6)"
  fi
-  if grep -q "IPv6.*TCP" <<< "${1}"; then
+  if grep -q "tcp " <<< "${lv6}"; then
      echo -e "     ${TICK} TCP (IPv6)"
  else
      echo -e "     ${CROSS} TCP (IPv6)"
@@ -279,19 +315,32 @@ analyze_ports() {
 }
 statusFunc() {
-  # Determine if there is a pihole service is listening on port 53
+  # Determine if there is pihole-FTL service is listening
-  local listening
+  local pid port ftl_api_port
-  listening="$(lsof -Pni:53)"
+
-  if grep -q "pihole" <<< "${listening}"; then
+  pid="$(getFTLPID)"
-    if [[ "${1}" != "web" ]]; then
+  ftl_api_port="$(getFTLAPIPort)"
-      analyze_ports "${listening}"
+  if [[ "$pid" -eq "-1" ]]; then
-    fi
+    case "${1}" in
      "web") echo "-1";;
      *) echo -e "  ${CROSS} DNS service is NOT running";;
    esac
    return 0
  else
    #get the DNS port pihole-FTL is listening on by using FTL's telnet API
    port="$(echo ">dns-port >quit" | nc 127.0.0.1 "$ftl_api_port")"
    if [[ "${port}" == "0" ]]; then
      case "${1}" in
        "web") echo "-1";;
        *) echo -e "  ${CROSS} DNS service is NOT listening";;
      esac
      return 0
    else
      if [[ "${1}" != "web" ]]; then
        echo -e "  ${TICK} FTL is listening on port ${port}"
        analyze_ports "${port}"
      fi
    fi
  fi
  # Determine if Pi-hole's blocking is enabled
@@ -304,18 +353,19 @@ statusFunc() {
  elif grep -q "BLOCKING_ENABLED=true" /etc/pihole/setupVars.conf;  then
    # Configs are set
    case "${1}" in
-      "web") echo 1;;
+      "web") echo "$port";;
      *) echo -e "  ${TICK} Pi-hole blocking is enabled";;
    esac
  else
    # No configs were found
    case "${1}" in
-      "web") echo 99;;
+      "web") echo -2;;
      *) echo -e "  ${INFO} Pi-hole blocking will be enabled";;
    esac
    # Enable blocking
    "${PI_HOLE_BIN_DIR}"/pihole enable
  fi
 }
 tailFunc() {
@@ -328,16 +378,13 @@ tailFunc() {
  fi
  echo -e "  ${INFO} Press Ctrl-C to exit"
  # Retrieve IPv4/6 addresses
  source /etc/pihole/setupVars.conf
  # Strip date from each line
  # Color blocklist/blacklist/wildcard entries as red
  # Color A/AAAA/DHCP strings as white
  # Color everything else as gray
-  tail -f /var/log/pihole.log | sed -E \
+  tail -f /var/log/pihole.log | grep --line-buffered "${1}" | sed -E \
    -e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \
-    -e "s,(.*(blacklisted |gravity blocked ).* is (0.0.0.0|::|NXDOMAIN|${IPV4_ADDRESS%/*}|${IPV6_ADDRESS:-NULL}).*),${COL_RED}&${COL_NC}," \
+    -e "s,(.*(blacklisted |gravity blocked ).*),${COL_RED}&${COL_NC}," \
    -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \
    -e "s,.*,${COL_GRAY}&${COL_NC},"
  exit 0
@@ -367,34 +414,24 @@ Branches:
 }
 tricorderFunc() {
  local tricorder_token
  if [[ ! -p "/dev/stdin" ]]; then
    echo -e "  ${INFO} Please do not call Tricorder directly"
    exit 1
  fi
-  if ! (echo > /dev/tcp/tricorder.pi-hole.net/9998) >/dev/null 2>&1; then
+  tricorder_token=$(curl --silent --fail --show-error --upload-file "-" https://tricorder.pi-hole.net/upload < /dev/stdin 2>&1)
-    echo -e "  ${CROSS} Unable to connect to Pi-hole's Tricorder server"
+  if [[ "${tricorder_token}" != "https://tricorder.pi-hole.net/"* ]]; then
      echo -e "${CROSS} uploading failed, contact Pi-hole support for assistance."
      # Log curl error (if available)
      if [ -n "${tricorder_token}" ]; then
          echo -e "${INFO} Error message: ${COL_RED}${tricorder_token}${COL_NC}\\n"
          tricorder_token=""
      fi
      exit 1
  fi
-
+  echo "Upload successful, your token is: ${COL_GREEN}${tricorder_token}${COL_NC}"
-  if command -v openssl &> /dev/null; then
+  exit 0
    openssl s_client -quiet -connect tricorder.pi-hole.net:9998 2> /dev/null < /dev/stdin
    exit "$?"
  else
    echo -e "  ${INFO} ${COL_YELLOW}Security Notice${COL_NC}: ${COL_WHITE}openssl${COL_NC} is not installed
       Your debug log will be transmitted unencrypted via plain-text
       There is a possibility that this could be intercepted by a third party
       If you wish to cancel, press Ctrl-C to exit within 10 seconds"
    secs="10"
    while [[ "$secs" -gt "0" ]]; do
       echo -ne "."
       sleep 1
       : $((secs--))
    done
    echo " "
    nc tricorder.pi-hole.net 9999 < /dev/stdin
    exit "$?"
  fi
 }
 updateCheckFunc() {
@@ -418,10 +455,13 @@ Whitelist/Blacklist Options:
 Debugging Options:
  -d, debug           Start a debugging session
-                        Add '-a' to enable automated debugging
+                        Add '-a' to automatically upload the log to tricorder.pi-hole.net
  -f, flush           Flush the Pi-hole log
  -r, reconfigure     Reconfigure or Repair Pi-hole subsystems
-  -t, tail            View the live output of the Pi-hole log
+  -t, tail [arg]      View the live output of the Pi-hole log.
                      Add an optional argument to filter the log
                      (regular expressions are supported)
 Options:
  -a, admin           Web interface options
@@ -495,7 +535,7 @@ case "${1}" in
  "status"                      ) statusFunc "$2";;
  "restartdns"                  ) restartDNS "$2";;
  "-a" | "admin"                ) webpageFunc "$@";;
-  "-t" | "tail"                 ) tailFunc;;
+  "-t" | "tail"                 ) tailFunc "$2";;
  "checkout"                    ) piholeCheckoutFunc "$@";;
  "tricorder"                   ) tricorderFunc;;
  "updatechecker"               ) updateCheckFunc "$@";;
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +0,0 @@
 docker-compose==1.23.2
 pytest==4.3.0
 pytest-xdist==1.26.1
 pytest-cov==2.6.1
 testinfra==1.19.0
 tox==3.7.0
--- a/supportedos.txt
+++ b/supportedos.txt
@@ -1,5 +0,0 @@
 Raspbian=9,10
 Ubuntu=16,18,20
 Debian=9,10
 Fedora=31,32
 CentOS=7,8
--- a/test/_centos_7.Dockerfile
+++ b/test/_centos_7.Dockerfile
@@ -1,4 +1,5 @@
 FROM centos:7
 RUN yum install -y git
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
@@ -12,5 +13,6 @@ RUN true && \
    chmod +x $SCRIPTDIR/*
 ENV PH_TEST true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_centos_8.Dockerfile
+++ b/test/_centos_8.Dockerfile
@@ -0,0 +1,18 @@
 FROM quay.io/centos/centos:stream8
 RUN yum install -y git
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
 RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
 ADD . $GITDIR
 RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
 ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
    chmod +x $SCRIPTDIR/*
 ENV PH_TEST true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_debian_10.Dockerfile
+++ b/test/_debian_10.Dockerfile
@@ -1,4 +1,4 @@
-FROM buildpack-deps:jessie-scm
+FROM buildpack-deps:buster-scm
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
@@ -12,5 +12,6 @@ RUN true && \
    chmod +x $SCRIPTDIR/*
 ENV PH_TEST true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_debian_11.Dockerfile
+++ b/test/_debian_11.Dockerfile
@@ -0,0 +1,17 @@
 FROM buildpack-deps:bullseye-scm
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
 RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
 ADD . $GITDIR
 RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
 ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
    chmod +x $SCRIPTDIR/*
 ENV PH_TEST true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_debian_9.Dockerfile
+++ b/test/_debian_9.Dockerfile
@@ -0,0 +1,17 @@
 FROM buildpack-deps:stretch-scm
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
 RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
 ADD . $GITDIR
 RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
 ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
    chmod +x $SCRIPTDIR/*
 ENV PH_TEST true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_fedora_33.Dockerfile
+++ b/test/_fedora_33.Dockerfile
@@ -0,0 +1,18 @@
 FROM fedora:33
 RUN dnf install -y git
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
 RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
 ADD . $GITDIR
 RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
 ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
    chmod +x $SCRIPTDIR/*
 ENV PH_TEST true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_fedora_34.Dockerfile
+++ b/test/_fedora_34.Dockerfile
@@ -0,0 +1,18 @@
 FROM fedora:34
 RUN dnf install -y git
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
 RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
 ADD . $GITDIR
 RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
 ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
    chmod +x $SCRIPTDIR/*
 ENV PH_TEST true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_ubuntu_16.Dockerfile
+++ b/test/_ubuntu_16.Dockerfile
@@ -0,0 +1,17 @@
 FROM buildpack-deps:xenial-scm
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
 RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
 ADD . $GITDIR
 RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
 ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 RUN true && \
    chmod +x $SCRIPTDIR/*
 ENV PH_TEST true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_ubuntu_18.Dockerfile
+++ b/test/_ubuntu_18.Dockerfile
@@ -1,4 +1,4 @@
-FROM fedora:30
+FROM buildpack-deps:bionic-scm
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
@@ -12,5 +12,6 @@ RUN true && \
    chmod +x $SCRIPTDIR/*
 ENV PH_TEST true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_ubuntu_20.Dockerfile
+++ b/test/_ubuntu_20.Dockerfile
@@ -0,0 +1,18 @@
 FROM buildpack-deps:focal-scm
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
 RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
 ADD . $GITDIR
 RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
 ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 ENV DEBIAN_FRONTEND=noninteractive
 RUN true && \
    chmod +x $SCRIPTDIR/*
 ENV PH_TEST true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/_ubuntu_21.Dockerfile
+++ b/test/_ubuntu_21.Dockerfile
@@ -0,0 +1,18 @@
 FROM buildpack-deps:impish-scm
 ENV GITDIR /etc/.pihole
 ENV SCRIPTDIR /opt/pihole
 RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
 ADD . $GITDIR
 RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
 ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 ENV DEBIAN_FRONTEND=noninteractive
 RUN true && \
    chmod +x $SCRIPTDIR/*
 ENV PH_TEST true
 ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \
--- a/test/conftest.py
+++ b/test/conftest.py
@@ -1,96 +1,52 @@
 import pytest
 import testinfra
 import testinfra.backend.docker
 import subprocess
 from textwrap import dedent
 check_output = testinfra.get_backend(
    "local://"
 ).get_module("Command").check_output
 SETUPVARS = {
    'PIHOLE_INTERFACE': 'eth99',
    'IPV4_ADDRESS': '1.1.1.1',
    'IPV6_ADDRESS': 'FE80::240:D0FF:FE48:4672',
    'PIHOLE_DNS_1': '4.2.2.1',
    'PIHOLE_DNS_2': '4.2.2.2'
 }
 IMAGE = 'pytest_pihole:test_container'
 tick_box = "[\x1b[1;32m\u2713\x1b[0m]"
 cross_box = "[\x1b[1;31m\u2717\x1b[0m]"
 info_box = "[i]"
-@pytest.fixture
+# Monkeypatch sh to bash, if they ever support non hard code /bin/sh this can go away
-def Pihole(Docker):
+# https://github.com/pytest-dev/pytest-testinfra/blob/master/testinfra/backend/docker.py
    '''
    used to contain some script stubbing, now pretty much an alias.
    Also provides bash as the default run function shell
    '''
 def run_bash(self, command, *args, **kwargs):
    cmd = self.get_command(command, *args)
    if self.user is not None:
        out = self.run_local(
-                "docker exec -u %s %s /bin/bash -c %s",
+            "docker exec -u %s %s /bin/bash -c %s", self.user, self.name, cmd
-                self.user, self.name, cmd)
+        )
    else:
-            out = self.run_local(
+        out = self.run_local("docker exec %s /bin/bash -c %s", self.name, cmd)
                "docker exec %s /bin/bash -c %s", self.name, cmd)
    out.command = self.encode(cmd)
    return out
-    funcType = type(Docker.run)
+
-    Docker.run = funcType(run_bash, Docker)
+testinfra.backend.docker.DockerBackend.run = run_bash
    return Docker
@pytest.fixture
-def Docker(request, args, image, cmd):
+def host():
-    '''
+    # run a container
-    combine our fixtures into a docker run command and setup finalizer to
+    docker_id = subprocess.check_output(
-    cleanup
+        ['docker', 'run', '-t', '-d', '--cap-add=ALL', IMAGE]).decode().strip()
    '''
    assert 'docker' in check_output('id'), "Are you in the docker group?"
    docker_run = "docker run {} {} {}".format(args, image, cmd)
    docker_id = check_output(docker_run)
-    def teardown():
+    # return a testinfra connection to the container
-        check_output("docker rm -f %s", docker_id)
+    docker_host = testinfra.get_host("docker://" + docker_id)
    request.addfinalizer(teardown)
-    docker_container = testinfra.get_backend("docker://" + docker_id)
+    yield docker_host
-    docker_container.id = docker_id
+    # at the end of the test suite, destroy the container
-    return docker_container
+    subprocess.check_call(['docker', 'rm', '-f', docker_id])
@pytest.fixture
 def args(request):
    '''
    -t became required when tput began being used
    '''
    return '-t -d'
@pytest.fixture(params=['debian', 'centos', 'fedora'])
 def tag(request):
    '''
    consumed by image to make the test matrix
    '''
    return request.param
@pytest.fixture()
 def image(request, tag):
    '''
    built by test_000_build_containers.py
    '''
    return 'pytest_pihole:{}'.format(tag)
@pytest.fixture()
 def cmd(request):
    '''
    default to doing nothing by tailing null, but don't exit
    '''
    return 'tail -f /dev/null'
 # Helper functions
@@ -100,7 +56,7 @@ def mock_command(script, args, container):
    in unit tests
    '''
    full_script_path = '/usr/local/bin/{}'.format(script)
-    mock_script = dedent('''\
+    mock_script = dedent(r'''\
    #!/bin/bash -e
    echo "\$0 \$@" >> /var/log/{script}
    case "\$1" in'''.format(script=script))
@@ -121,13 +77,75 @@ def mock_command(script, args, container):
                                         scriptlog=script))
 def mock_command_passthrough(script, args, container):
    '''
    Per other mock_command* functions, allows intercepting of commands we don't want to run for real
    in unit tests, however also allows only specific arguments to be mocked. Anything not defined will
    be passed through to the actual command.
    Example use-case: mocking `git pull` but still allowing `git clone` to work as intended
    '''
    orig_script_path = container.check_output('command -v {}'.format(script))
    full_script_path = '/usr/local/bin/{}'.format(script)
    mock_script = dedent(r'''\
    #!/bin/bash -e
    echo "\$0 \$@" >> /var/log/{script}
    case "\$1" in'''.format(script=script))
    for k, v in args.items():
        case = dedent('''
        {arg})
        echo {res}
        exit {retcode}
        ;;'''.format(arg=k, res=v[0], retcode=v[1]))
        mock_script += case
    mock_script += dedent(r'''
    *)
    {orig_script_path} "\$@"
    ;;'''.format(orig_script_path=orig_script_path))
    mock_script += dedent('''
    esac''')
    container.run('''
    cat <<EOF> {script}\n{content}\nEOF
    chmod +x {script}
    rm -f /var/log/{scriptlog}'''.format(script=full_script_path,
                                         content=mock_script,
                                         scriptlog=script))
 def mock_command_run(script, args, container):
    '''
    Allows for setup of commands we don't really want to have to run for real
    in unit tests
    '''
    full_script_path = '/usr/local/bin/{}'.format(script)
    mock_script = dedent(r'''\
    #!/bin/bash -e
    echo "\$0 \$@" >> /var/log/{script}
    case "\$1 \$2" in'''.format(script=script))
    for k, v in args.items():
        case = dedent('''
        \"{arg}\")
        echo {res}
        exit {retcode}
        ;;'''.format(arg=k, res=v[0], retcode=v[1]))
        mock_script += case
    mock_script += dedent('''
    esac''')
    container.run('''
    cat <<EOF> {script}\n{content}\nEOF
    chmod +x {script}
    rm -f /var/log/{scriptlog}'''.format(script=full_script_path,
                                         content=mock_script,
                                         scriptlog=script))
 def mock_command_2(script, args, container):
    '''
    Allows for setup of commands we don't really want to have to run for real
    in unit tests
    '''
    full_script_path = '/usr/local/bin/{}'.format(script)
-    mock_script = dedent('''\
+    mock_script = dedent(r'''\
    #!/bin/bash -e
    echo "\$0 \$@" >> /var/log/{script}
    case "\$1 \$2" in'''.format(script=script))
--- a/test/requirements.txt
+++ b/test/requirements.txt
@@ -0,0 +1,6 @@
 docker-compose
 pytest
 pytest-xdist
 pytest-cov
 pytest-testinfra
 tox
--- a/test/setup.py
+++ b/test/setup.py
--- a/test/test_000_build_containers.py
+++ b/test/test_000_build_containers.py
@@ -1,23 +0,0 @@
 ''' This file starts with 000 to make it run first '''
 import pytest
 import testinfra
 run_local = testinfra.get_backend(
    "local://"
 ).get_module("Command").run
@pytest.mark.parametrize("image,tag", [
    ('test/debian.Dockerfile', 'pytest_pihole:debian'),
    ('test/centos.Dockerfile', 'pytest_pihole:centos'),
    ('test/fedora.Dockerfile', 'pytest_pihole:fedora'),
 ])
 # mark as 'build_stage' so we can ensure images are build first when tests
 # are executed in parallel. (not required when tests are executed serially)
@pytest.mark.build_stage
 def test_build_pihole_image(image, tag):
    build_cmd = run_local('docker build -f {} -t {} .'.format(image, tag))
    if build_cmd.rc != 0:
        print(build_cmd.stdout)
        print(build_cmd.stderr)
    assert build_cmd.rc == 0
--- a/test/test_any_automated_install.py
+++ b/test/test_any_automated_install.py
--- a/test/test_any_utils.py
+++ b/test/test_any_utils.py
@@ -0,0 +1,38 @@
 def test_key_val_replacement_works(host):
    ''' Confirms addOrEditKeyValPair provides the expected output '''
    host.run('''
    source /opt/pihole/utils.sh
    addOrEditKeyValPair "KEY_ONE" "value1" "./testoutput"
    addOrEditKeyValPair "KEY_TWO" "value2" "./testoutput"
    addOrEditKeyValPair "KEY_ONE" "value3" "./testoutput"
    addOrEditKeyValPair "KEY_FOUR" "value4" "./testoutput"
    ''')
    output = host.run('''
    cat ./testoutput
    ''')
    expected_stdout = 'KEY_ONE=value3\nKEY_TWO=value2\nKEY_FOUR=value4\n'
    assert expected_stdout == output.stdout
 def test_getFTLAPIPort_default(host):
    ''' Confirms getFTLAPIPort returns the default API port '''
    output = host.run('''
    source /opt/pihole/utils.sh
    getFTLAPIPort
    ''')
    expected_stdout = '4711\n'
    assert expected_stdout == output.stdout
 def test_getFTLAPIPort_custom(host):
    ''' Confirms getFTLAPIPort returns a custom API port in a custom PORTFILE location '''
    host.run('''
    echo "PORTFILE=/tmp/port.file" > /etc/pihole/pihole-FTL.conf
    echo "1234" > /tmp/port.file
    ''')
    output = host.run('''
    source /opt/pihole/utils.sh
    getFTLAPIPort
    ''')
    expected_stdout = '1234\n'
    assert expected_stdout == output.stdout
--- a/test/test_automated_install.py
+++ b/test/test_automated_install.py
@@ -1,490 +0,0 @@
 from textwrap import dedent
 import re
 from .conftest import (
    SETUPVARS,
    tick_box,
    info_box,
    cross_box,
    mock_command,
    mock_command_2,
    run_script
 )
 def test_supported_operating_system(Pihole):
    '''
    confirm installer exists on unsupported distribution
    '''
    # break supported package managers to emulate an unsupported distribution
    Pihole.run('rm -rf /usr/bin/apt-get')
    Pihole.run('rm -rf /usr/bin/rpm')
    distro_check = Pihole.run('''
    source /opt/pihole/basic-install.sh
    distro_check
    ''')
    expected_stdout = cross_box + ' OS distribution not supported'
    assert expected_stdout in distro_check.stdout
    # assert distro_check.rc == 1
 def test_setupVars_are_sourced_to_global_scope(Pihole):
    '''
    currently update_dialogs sources setupVars with a dot,
    then various other functions use the variables.
    This confirms the sourced variables are in scope between functions
    '''
    setup_var_file = 'cat <<EOF> /etc/pihole/setupVars.conf\n'
    for k, v in SETUPVARS.items():
        setup_var_file += "{}={}\n".format(k, v)
    setup_var_file += "EOF\n"
    Pihole.run(setup_var_file)
    script = dedent('''\
    set -e
    printSetupVars() {
        # Currently debug test function only
        echo "Outputting sourced variables"
        echo "PIHOLE_INTERFACE=${PIHOLE_INTERFACE}"
        echo "IPV4_ADDRESS=${IPV4_ADDRESS}"
        echo "IPV6_ADDRESS=${IPV6_ADDRESS}"
        echo "PIHOLE_DNS_1=${PIHOLE_DNS_1}"
        echo "PIHOLE_DNS_2=${PIHOLE_DNS_2}"
    }
    update_dialogs() {
        . /etc/pihole/setupVars.conf
    }
    update_dialogs
    printSetupVars
    ''')
    output = run_script(Pihole, script).stdout
    for k, v in SETUPVARS.items():
        assert "{}={}".format(k, v) in output
 def test_setupVars_saved_to_file(Pihole):
    '''
    confirm saved settings are written to a file for future updates to re-use
    '''
    # dedent works better with this and padding matching script below
    set_setup_vars = '\n'
    for k, v in SETUPVARS.items():
        set_setup_vars += "    {}={}\n".format(k, v)
    Pihole.run(set_setup_vars).stdout
    script = dedent('''\
    set -e
    echo start
    TERM=xterm
    source /opt/pihole/basic-install.sh
    {}
    mkdir -p /etc/dnsmasq.d
    version_check_dnsmasq
    echo "" > /etc/pihole/pihole-FTL.conf
    finalExports
    cat /etc/pihole/setupVars.conf
    '''.format(set_setup_vars))
    output = run_script(Pihole, script).stdout
    for k, v in SETUPVARS.items():
        assert "{}={}".format(k, v) in output
 def test_selinux_not_detected(Pihole):
    '''
    confirms installer continues when SELinux configuration file does not exist
    '''
    check_selinux = Pihole.run('''
    rm -f /etc/selinux/config
    source /opt/pihole/basic-install.sh
    checkSelinux
    ''')
    expected_stdout = info_box + ' SELinux not detected'
    assert expected_stdout in check_selinux.stdout
    assert check_selinux.rc == 0
 def test_installPiholeWeb_fresh_install_no_errors(Pihole):
    '''
    confirms all web page assets from Core repo are installed on a fresh build
    '''
    installWeb = Pihole.run('''
    source /opt/pihole/basic-install.sh
    installPiholeWeb
    ''')
    expected_stdout = info_box + ' Installing blocking page...'
    assert expected_stdout in installWeb.stdout
    expected_stdout = tick_box + (' Creating directory for blocking page, '
                                  'and copying files')
    assert expected_stdout in installWeb.stdout
    expected_stdout = info_box + ' Backing up index.lighttpd.html'
    assert expected_stdout in installWeb.stdout
    expected_stdout = ('No default index.lighttpd.html file found... '
                       'not backing up')
    assert expected_stdout in installWeb.stdout
    expected_stdout = tick_box + ' Installing sudoer file'
    assert expected_stdout in installWeb.stdout
    web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
    assert 'index.php' in web_directory
    assert 'blockingpage.css' in web_directory
 def test_update_package_cache_success_no_errors(Pihole):
    '''
    confirms package cache was updated without any errors
    '''
    updateCache = Pihole.run('''
    source /opt/pihole/basic-install.sh
    distro_check
    update_package_cache
    ''')
    expected_stdout = tick_box + ' Update local cache of available packages'
    assert expected_stdout in updateCache.stdout
    assert 'error' not in updateCache.stdout.lower()
 def test_update_package_cache_failure_no_errors(Pihole):
    '''
    confirms package cache was not updated
    '''
    mock_command('apt-get', {'update': ('', '1')}, Pihole)
    updateCache = Pihole.run('''
    source /opt/pihole/basic-install.sh
    distro_check
    update_package_cache
    ''')
    expected_stdout = cross_box + ' Update local cache of available packages'
    assert expected_stdout in updateCache.stdout
    assert 'Error: Unable to update package cache.' in updateCache.stdout
 def test_FTL_detect_aarch64_no_errors(Pihole):
    '''
    confirms only aarch64 package is downloaded for FTL engine
    '''
    # mock uname to return aarch64 platform
    mock_command('uname', {'-m': ('aarch64', '0')}, Pihole)
    # mock ldd to respond with aarch64 shared library
    mock_command(
        'ldd',
        {
            '/bin/ls': (
                '/lib/ld-linux-aarch64.so.1',
                '0'
            )
        },
        Pihole
    )
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
    funcOutput=$(get_binary_name)
    binary="pihole-FTL${funcOutput##*pihole-FTL}"
    theRest="${funcOutput%pihole-FTL*}"
    FTLdetect "${binary}" "${theRest}"
    ''')
    expected_stdout = info_box + ' FTL Checks...'
    assert expected_stdout in detectPlatform.stdout
    expected_stdout = tick_box + ' Detected ARM-aarch64 architecture'
    assert expected_stdout in detectPlatform.stdout
    expected_stdout = tick_box + ' Downloading and Installing FTL'
    assert expected_stdout in detectPlatform.stdout
 def test_FTL_detect_armv6l_no_errors(Pihole):
    '''
    confirms only armv6l package is downloaded for FTL engine
    '''
    # mock uname to return armv6l platform
    mock_command('uname', {'-m': ('armv6l', '0')}, Pihole)
    # mock ldd to respond with aarch64 shared library
    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, Pihole)
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
    funcOutput=$(get_binary_name)
    binary="pihole-FTL${funcOutput##*pihole-FTL}"
    theRest="${funcOutput%pihole-FTL*}"
    FTLdetect "${binary}" "${theRest}"
    ''')
    expected_stdout = info_box + ' FTL Checks...'
    assert expected_stdout in detectPlatform.stdout
    expected_stdout = tick_box + (' Detected ARM-hf architecture '
                                  '(armv6 or lower)')
    assert expected_stdout in detectPlatform.stdout
    expected_stdout = tick_box + ' Downloading and Installing FTL'
    assert expected_stdout in detectPlatform.stdout
 def test_FTL_detect_armv7l_no_errors(Pihole):
    '''
    confirms only armv7l package is downloaded for FTL engine
    '''
    # mock uname to return armv7l platform
    mock_command('uname', {'-m': ('armv7l', '0')}, Pihole)
    # mock ldd to respond with aarch64 shared library
    mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, Pihole)
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
    funcOutput=$(get_binary_name)
    binary="pihole-FTL${funcOutput##*pihole-FTL}"
    theRest="${funcOutput%pihole-FTL*}"
    FTLdetect "${binary}" "${theRest}"
    ''')
    expected_stdout = info_box + ' FTL Checks...'
    assert expected_stdout in detectPlatform.stdout
    expected_stdout = tick_box + ' Detected ARM-hf architecture (armv7+)'
    assert expected_stdout in detectPlatform.stdout
    expected_stdout = tick_box + ' Downloading and Installing FTL'
    assert expected_stdout in detectPlatform.stdout
 def test_FTL_detect_x86_64_no_errors(Pihole):
    '''
    confirms only x86_64 package is downloaded for FTL engine
    '''
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
    funcOutput=$(get_binary_name)
    binary="pihole-FTL${funcOutput##*pihole-FTL}"
    theRest="${funcOutput%pihole-FTL*}"
    FTLdetect "${binary}" "${theRest}"
    ''')
    expected_stdout = info_box + ' FTL Checks...'
    assert expected_stdout in detectPlatform.stdout
    expected_stdout = tick_box + ' Detected x86_64 architecture'
    assert expected_stdout in detectPlatform.stdout
    expected_stdout = tick_box + ' Downloading and Installing FTL'
    assert expected_stdout in detectPlatform.stdout
 def test_FTL_detect_unknown_no_errors(Pihole):
    ''' confirms only generic package is downloaded for FTL engine '''
    # mock uname to return generic platform
    mock_command('uname', {'-m': ('mips', '0')}, Pihole)
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
    funcOutput=$(get_binary_name)
    binary="pihole-FTL${funcOutput##*pihole-FTL}"
    theRest="${funcOutput%pihole-FTL*}"
    FTLdetect "${binary}" "${theRest}"
    ''')
    expected_stdout = 'Not able to detect architecture (unknown: mips)'
    assert expected_stdout in detectPlatform.stdout
 def test_FTL_download_aarch64_no_errors(Pihole):
    '''
    confirms only aarch64 package is downloaded for FTL engine
    '''
    # mock whiptail answers and ensure installer dependencies
    mock_command('whiptail', {'*': ('', '0')}, Pihole)
    Pihole.run('''
    source /opt/pihole/basic-install.sh
    distro_check
    install_dependent_packages ${INSTALLER_DEPS[@]}
    ''')
    download_binary = Pihole.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
    FTLinstall "pihole-FTL-aarch64-linux-gnu"
    ''')
    expected_stdout = tick_box + ' Downloading and Installing FTL'
    assert expected_stdout in download_binary.stdout
    assert 'error' not in download_binary.stdout.lower()
 def test_FTL_binary_installed_and_responsive_no_errors(Pihole):
    '''
    confirms FTL binary is copied and functional in installed location
    '''
    installed_binary = Pihole.run('''
    source /opt/pihole/basic-install.sh
    create_pihole_user
    funcOutput=$(get_binary_name)
    binary="pihole-FTL${funcOutput##*pihole-FTL}"
    theRest="${funcOutput%pihole-FTL*}"
    FTLdetect "${binary}" "${theRest}"
    pihole-FTL version
    ''')
    expected_stdout = 'v'
    assert expected_stdout in installed_binary.stdout
 # def test_FTL_support_files_installed(Pihole):
 #     '''
 #     confirms FTL support files are installed
 #     '''
 #     support_files = Pihole.run('''
 #     source /opt/pihole/basic-install.sh
 #     FTLdetect
 #     stat -c '%a %n' /var/log/pihole-FTL.log
 #     stat -c '%a %n' /run/pihole-FTL.port
 #     stat -c '%a %n' /run/pihole-FTL.pid
 #     ls -lac /run
 #     ''')
 #     assert '644 /run/pihole-FTL.port' in support_files.stdout
 #     assert '644 /run/pihole-FTL.pid' in support_files.stdout
 #     assert '644 /var/log/pihole-FTL.log' in support_files.stdout
 def test_IPv6_only_link_local(Pihole):
    '''
    confirms IPv6 blocking is disabled for Link-local address
    '''
    # mock ip -6 address to return Link-local address
    mock_command_2(
        'ip',
        {
            '-6 address': (
                'inet6 fe80::d210:52fa:fe00:7ad7/64 scope link',
                '0'
            )
        },
        Pihole
    )
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
    useIPv6dialog
    ''')
    expected_stdout = ('Unable to find IPv6 ULA/GUA address, '
                       'IPv6 adblocking will not be enabled')
    assert expected_stdout in detectPlatform.stdout
 def test_IPv6_only_ULA(Pihole):
    '''
    confirms IPv6 blocking is enabled for ULA addresses
    '''
    # mock ip -6 address to return ULA address
    mock_command_2(
        'ip',
        {
            '-6 address': (
                'inet6 fda2:2001:5555:0:d210:52fa:fe00:7ad7/64 scope global',
                '0'
            )
        },
        Pihole
    )
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
    useIPv6dialog
    ''')
    expected_stdout = 'Found IPv6 ULA address, using it for blocking IPv6 ads'
    assert expected_stdout in detectPlatform.stdout
 def test_IPv6_only_GUA(Pihole):
    '''
    confirms IPv6 blocking is enabled for GUA addresses
    '''
    # mock ip -6 address to return GUA address
    mock_command_2(
        'ip',
        {
            '-6 address': (
                'inet6 2003:12:1e43:301:d210:52fa:fe00:7ad7/64 scope global',
                '0'
            )
        },
        Pihole
    )
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
    useIPv6dialog
    ''')
    expected_stdout = 'Found IPv6 GUA address, using it for blocking IPv6 ads'
    assert expected_stdout in detectPlatform.stdout
 def test_IPv6_GUA_ULA_test(Pihole):
    '''
    confirms IPv6 blocking is enabled for GUA and ULA addresses
    '''
    # mock ip -6 address to return GUA and ULA addresses
    mock_command_2(
        'ip',
        {
            '-6 address': (
                'inet6 2003:12:1e43:301:d210:52fa:fe00:7ad7/64 scope global\n'
                'inet6 fda2:2001:5555:0:d210:52fa:fe00:7ad7/64 scope global',
                '0'
            )
        },
        Pihole
    )
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
    useIPv6dialog
    ''')
    expected_stdout = 'Found IPv6 ULA address, using it for blocking IPv6 ads'
    assert expected_stdout in detectPlatform.stdout
 def test_IPv6_ULA_GUA_test(Pihole):
    '''
    confirms IPv6 blocking is enabled for GUA and ULA addresses
    '''
    # mock ip -6 address to return ULA and GUA addresses
    mock_command_2(
        'ip',
        {
            '-6 address': (
                'inet6 fda2:2001:5555:0:d210:52fa:fe00:7ad7/64 scope global\n'
                'inet6 2003:12:1e43:301:d210:52fa:fe00:7ad7/64 scope global',
                '0'
            )
        },
        Pihole
    )
    detectPlatform = Pihole.run('''
    source /opt/pihole/basic-install.sh
    useIPv6dialog
    ''')
    expected_stdout = 'Found IPv6 ULA address, using it for blocking IPv6 ads'
    assert expected_stdout in detectPlatform.stdout
 def test_validate_ip_valid(Pihole):
    '''
    Given a valid IP address, valid_ip returns success
    '''
    output = Pihole.run('''
    source /opt/pihole/basic-install.sh
    valid_ip "192.168.1.1"
    ''')
    assert output.rc == 0
 def test_validate_ip_invalid_octet(Pihole):
    '''
    Given an invalid IP address (large octet), valid_ip returns an error
    '''
    output = Pihole.run('''
    source /opt/pihole/basic-install.sh
    valid_ip "1092.168.1.1"
    ''')
    assert output.rc == 1
 def test_validate_ip_invalid_letters(Pihole):
    '''
    Given an invalid IP address (contains letters), valid_ip returns an error
    '''
    output = Pihole.run('''
    source /opt/pihole/basic-install.sh
    valid_ip "not an IP"
    ''')
    assert output.rc == 1
--- a/test/test_centos_7_support.py
+++ b/test/test_centos_7_support.py
@@ -0,0 +1,63 @@
 from .conftest import (
    tick_box,
    info_box,
    mock_command,
 )
 def test_php_upgrade_default_optout_centos_eq_7(host):
    '''
    confirms the default behavior to opt-out of installing PHP7 from REMI
    '''
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
    select_rpm_php
    ''')
    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
                                  'Deprecated PHP may be in use.')
    assert expected_stdout in package_manager_detect.stdout
    remi_package = host.package('remi-release')
    assert not remi_package.is_installed
 def test_php_upgrade_user_optout_centos_eq_7(host):
    '''
    confirms installer behavior when user opt-out of installing PHP7 from REMI
    (php not currently installed)
    '''
    # Whiptail dialog returns Cancel for user prompt
    mock_command('whiptail', {'*': ('', '1')}, host)
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
    select_rpm_php
    ''')
    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
                                  'Deprecated PHP may be in use.')
    assert expected_stdout in package_manager_detect.stdout
    remi_package = host.package('remi-release')
    assert not remi_package.is_installed
 def test_php_upgrade_user_optin_centos_eq_7(host):
    '''
    confirms installer behavior when user opt-in to installing PHP7 from REMI
    (php not currently installed)
    '''
    # Whiptail dialog returns Continue for user prompt
    mock_command('whiptail', {'*': ('', '0')}, host)
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
    select_rpm_php
    ''')
    assert 'opt-out' not in package_manager_detect.stdout
    expected_stdout = info_box + (' Enabling Remi\'s RPM repository '
                                  '(https://rpms.remirepo.net)')
    assert expected_stdout in package_manager_detect.stdout
    expected_stdout = tick_box + (' Remi\'s RPM repository has '
                                  'been enabled for PHP7')
    assert expected_stdout in package_manager_detect.stdout
    remi_package = host.package('remi-release')
    assert remi_package.is_installed
--- a/test/test_centos_8_support.py
+++ b/test/test_centos_8_support.py
@@ -0,0 +1,68 @@
 from .conftest import (
    tick_box,
    info_box,
    mock_command,
 )
 def test_php_upgrade_default_continue_centos_gte_8(host):
    '''
    confirms the latest version of CentOS continues / does not optout
    (should trigger on CentOS7 only)
    '''
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
    select_rpm_php
    ''')
    unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.'
                                    ' Deprecated PHP may be in use.')
    assert unexpected_stdout not in package_manager_detect.stdout
    # ensure remi was not installed on latest CentOS
    remi_package = host.package('remi-release')
    assert not remi_package.is_installed
 def test_php_upgrade_user_optout_skipped_centos_gte_8(host):
    '''
    confirms installer skips user opt-out of installing PHP7 from REMI on
    latest CentOS (should trigger on CentOS7 only)
    (php not currently installed)
    '''
    # Whiptail dialog returns Cancel for user prompt
    mock_command('whiptail', {'*': ('', '1')}, host)
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
    select_rpm_php
    ''')
    unexpected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS.'
                                    ' Deprecated PHP may be in use.')
    assert unexpected_stdout not in package_manager_detect.stdout
    # ensure remi was not installed on latest CentOS
    remi_package = host.package('remi-release')
    assert not remi_package.is_installed
 def test_php_upgrade_user_optin_skipped_centos_gte_8(host):
    '''
    confirms installer skips user opt-in to installing PHP7 from REMI on
    latest CentOS (should trigger on CentOS7 only)
    (php not currently installed)
    '''
    # Whiptail dialog returns Continue for user prompt
    mock_command('whiptail', {'*': ('', '0')}, host)
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
    select_rpm_php
    ''')
    assert 'opt-out' not in package_manager_detect.stdout
    unexpected_stdout = info_box + (' Enabling Remi\'s RPM repository '
                                    '(https://rpms.remirepo.net)')
    assert unexpected_stdout not in package_manager_detect.stdout
    unexpected_stdout = tick_box + (' Remi\'s RPM repository has '
                                    'been enabled for PHP7')
    assert unexpected_stdout not in package_manager_detect.stdout
    remi_package = host.package('remi-release')
    assert not remi_package.is_installed
--- a/test/test_centos_common_support.py
+++ b/test/test_centos_common_support.py
@@ -0,0 +1,125 @@
 import pytest
 from .conftest import (
    tick_box,
    info_box,
    cross_box,
    mock_command,
 )
 def test_release_supported_version_check_centos(host):
    '''
    confirms installer exits on unsupported releases of CentOS
    '''
    # modify /etc/redhat-release to mock an unsupported CentOS release
    host.run('echo "CentOS Linux release 6.9" > /etc/redhat-release')
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
    select_rpm_php
    ''')
    expected_stdout = cross_box + (' CentOS 6 is not supported.')
    assert expected_stdout in package_manager_detect.stdout
    expected_stdout = 'Please update to CentOS release 7 or later'
    assert expected_stdout in package_manager_detect.stdout
 def test_enable_epel_repository_centos(host):
    '''
    confirms the EPEL package repository is enabled when installed on CentOS
    '''
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
    select_rpm_php
    ''')
    expected_stdout = info_box + (' Enabling EPEL package repository '
                                  '(https://fedoraproject.org/wiki/EPEL)')
    assert expected_stdout in package_manager_detect.stdout
    expected_stdout = tick_box + ' Installed epel-release'
    assert expected_stdout in package_manager_detect.stdout
    epel_package = host.package('epel-release')
    assert epel_package.is_installed
 def test_php_version_lt_7_detected_upgrade_default_optout_centos(host):
    '''
    confirms the default behavior to opt-out of upgrading to PHP7 from REMI
    '''
    # first we will install the default php version to test installer behavior
    php_install = host.run('yum install -y php')
    assert php_install.rc == 0
    php_package = host.package('php')
    default_centos_php_version = php_package.version.split('.')[0]
    if int(default_centos_php_version) >= 7:  # PHP7 is supported/recommended
        pytest.skip("Test deprecated . Detected default PHP version >= 7")
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
    select_rpm_php
    ''')
    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
                                  'Deprecated PHP may be in use.')
    assert expected_stdout in package_manager_detect.stdout
    remi_package = host.package('remi-release')
    assert not remi_package.is_installed
 def test_php_version_lt_7_detected_upgrade_user_optout_centos(host):
    '''
    confirms installer behavior when user opt-out to upgrade to PHP7 via REMI
    '''
    # first we will install the default php version to test installer behavior
    php_install = host.run('yum install -y php')
    assert php_install.rc == 0
    php_package = host.package('php')
    default_centos_php_version = php_package.version.split('.')[0]
    if int(default_centos_php_version) >= 7:  # PHP7 is supported/recommended
        pytest.skip("Test deprecated . Detected default PHP version >= 7")
    # Whiptail dialog returns Cancel for user prompt
    mock_command('whiptail', {'*': ('', '1')}, host)
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
    select_rpm_php
    ''')
    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
                                  'Deprecated PHP may be in use.')
    assert expected_stdout in package_manager_detect.stdout
    remi_package = host.package('remi-release')
    assert not remi_package.is_installed
 def test_php_version_lt_7_detected_upgrade_user_optin_centos(host):
    '''
    confirms installer behavior when user opt-in to upgrade to PHP7 via REMI
    '''
    # first we will install the default php version to test installer behavior
    php_install = host.run('yum install -y php')
    assert php_install.rc == 0
    php_package = host.package('php')
    default_centos_php_version = php_package.version.split('.')[0]
    if int(default_centos_php_version) >= 7:  # PHP7 is supported/recommended
        pytest.skip("Test deprecated . Detected default PHP version >= 7")
    # Whiptail dialog returns Continue for user prompt
    mock_command('whiptail', {'*': ('', '0')}, host)
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
    select_rpm_php
    install_dependent_packages PIHOLE_WEB_DEPS[@]
    ''')
    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
                                  'Deprecated PHP may be in use.')
    assert expected_stdout not in package_manager_detect.stdout
    expected_stdout = info_box + (' Enabling Remi\'s RPM repository '
                                  '(https://rpms.remirepo.net)')
    assert expected_stdout in package_manager_detect.stdout
    expected_stdout = tick_box + (' Remi\'s RPM repository has '
                                  'been enabled for PHP7')
    assert expected_stdout in package_manager_detect.stdout
    remi_package = host.package('remi-release')
    assert remi_package.is_installed
    updated_php_package = host.package('php')
    updated_php_version = updated_php_package.version.split('.')[0]
    assert int(updated_php_version) == 7
--- a/test/test_centos_fedora_common_support.py
+++ b/test/test_centos_fedora_common_support.py
@@ -0,0 +1,65 @@
 from .conftest import (
    tick_box,
    cross_box,
    mock_command,
 )
 def mock_selinux_config(state, host):
    '''
    Creates a mock SELinux config file with expected content
    '''
    # validate state string
    valid_states = ['enforcing', 'permissive', 'disabled']
    assert state in valid_states
    # getenforce returns the running state of SELinux
    mock_command('getenforce', {'*': (state.capitalize(), '0')}, host)
    # create mock configuration with desired content
    host.run('''
    mkdir /etc/selinux
    echo "SELINUX={state}" > /etc/selinux/config
    '''.format(state=state.lower()))
 def test_selinux_enforcing_exit(host):
    '''
    confirms installer prompts to exit when SELinux is Enforcing by default
    '''
    mock_selinux_config("enforcing", host)
    check_selinux = host.run('''
    source /opt/pihole/basic-install.sh
    checkSelinux
    ''')
    expected_stdout = cross_box + ' Current SELinux: Enforcing'
    assert expected_stdout in check_selinux.stdout
    expected_stdout = 'SELinux Enforcing detected, exiting installer'
    assert expected_stdout in check_selinux.stdout
    assert check_selinux.rc == 1
 def test_selinux_permissive(host):
    '''
    confirms installer continues when SELinux is Permissive
    '''
    mock_selinux_config("permissive", host)
    check_selinux = host.run('''
    source /opt/pihole/basic-install.sh
    checkSelinux
    ''')
    expected_stdout = tick_box + ' Current SELinux: Permissive'
    assert expected_stdout in check_selinux.stdout
    assert check_selinux.rc == 0
 def test_selinux_disabled(host):
    '''
    confirms installer continues when SELinux is Disabled
    '''
    mock_selinux_config("disabled", host)
    check_selinux = host.run('''
    source /opt/pihole/basic-install.sh
    checkSelinux
    ''')
    expected_stdout = tick_box + ' Current SELinux: Disabled'
    assert expected_stdout in check_selinux.stdout
    assert check_selinux.rc == 0
--- a/test/test_centos_fedora_support.py
+++ b/test/test_centos_fedora_support.py
@@ -1,264 +0,0 @@
 import pytest
 from .conftest import (
    tick_box,
    info_box,
    cross_box,
    mock_command,
 )
 def mock_selinux_config(state, Pihole):
    '''
    Creates a mock SELinux config file with expected content
    '''
    # validate state string
    valid_states = ['enforcing', 'permissive', 'disabled']
    assert state in valid_states
    # getenforce returns the running state of SELinux
    mock_command('getenforce', {'*': (state.capitalize(), '0')}, Pihole)
    # create mock configuration with desired content
    Pihole.run('''
    mkdir /etc/selinux
    echo "SELINUX={state}" > /etc/selinux/config
    '''.format(state=state.lower()))
@pytest.mark.parametrize("tag", [('centos'), ('fedora'), ])
 def test_selinux_enforcing_exit(Pihole):
    '''
    confirms installer prompts to exit when SELinux is Enforcing by default
    '''
    mock_selinux_config("enforcing", Pihole)
    check_selinux = Pihole.run('''
    source /opt/pihole/basic-install.sh
    checkSelinux
    ''')
    expected_stdout = cross_box + ' Current SELinux: Enforcing'
    assert expected_stdout in check_selinux.stdout
    expected_stdout = 'SELinux Enforcing detected, exiting installer'
    assert expected_stdout in check_selinux.stdout
    assert check_selinux.rc == 1
@pytest.mark.parametrize("tag", [('centos'), ('fedora'), ])
 def test_selinux_permissive(Pihole):
    '''
    confirms installer continues when SELinux is Permissive
    '''
    mock_selinux_config("permissive", Pihole)
    check_selinux = Pihole.run('''
    source /opt/pihole/basic-install.sh
    checkSelinux
    ''')
    expected_stdout = tick_box + ' Current SELinux: Permissive'
    assert expected_stdout in check_selinux.stdout
    assert check_selinux.rc == 0
@pytest.mark.parametrize("tag", [('centos'), ('fedora'), ])
 def test_selinux_disabled(Pihole):
    '''
    confirms installer continues when SELinux is Disabled
    '''
    mock_selinux_config("disabled", Pihole)
    check_selinux = Pihole.run('''
    source /opt/pihole/basic-install.sh
    checkSelinux
    ''')
    expected_stdout = tick_box + ' Current SELinux: Disabled'
    assert expected_stdout in check_selinux.stdout
    assert check_selinux.rc == 0
@pytest.mark.parametrize("tag", [('fedora'), ])
 def test_epel_and_remi_not_installed_fedora(Pihole):
    '''
    confirms installer does not attempt to install EPEL/REMI repositories
    on Fedora
    '''
    distro_check = Pihole.run('''
    source /opt/pihole/basic-install.sh
    distro_check
    ''')
    assert distro_check.stdout == ''
    epel_package = Pihole.package('epel-release')
    assert not epel_package.is_installed
    remi_package = Pihole.package('remi-release')
    assert not remi_package.is_installed
@pytest.mark.parametrize("tag", [('centos'), ])
 def test_release_supported_version_check_centos(Pihole):
    '''
    confirms installer exits on unsupported releases of CentOS
    '''
    # modify /etc/redhat-release to mock an unsupported CentOS release
    Pihole.run('echo "CentOS Linux release 6.9" > /etc/redhat-release')
    distro_check = Pihole.run('''
    source /opt/pihole/basic-install.sh
    distro_check
    ''')
    expected_stdout = cross_box + (' CentOS 6 is not supported.')
    assert expected_stdout in distro_check.stdout
    expected_stdout = 'Please update to CentOS release 7 or later'
    assert expected_stdout in distro_check.stdout
@pytest.mark.parametrize("tag", [('centos'), ])
 def test_enable_epel_repository_centos(Pihole):
    '''
    confirms the EPEL package repository is enabled when installed on CentOS
    '''
    distro_check = Pihole.run('''
    source /opt/pihole/basic-install.sh
    distro_check
    ''')
    expected_stdout = info_box + (' Enabling EPEL package repository '
                                  '(https://fedoraproject.org/wiki/EPEL)')
    assert expected_stdout in distro_check.stdout
    expected_stdout = tick_box + ' Installed epel-release'
    assert expected_stdout in distro_check.stdout
    epel_package = Pihole.package('epel-release')
    assert epel_package.is_installed
@pytest.mark.parametrize("tag", [('centos'), ])
 def test_php_upgrade_default_optout_centos(Pihole):
    '''
    confirms the default behavior to opt-out of installing PHP7 from REMI
    '''
    distro_check = Pihole.run('''
    source /opt/pihole/basic-install.sh
    distro_check
    ''')
    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
                                  'Deprecated PHP may be in use.')
    assert expected_stdout in distro_check.stdout
    remi_package = Pihole.package('remi-release')
    assert not remi_package.is_installed
@pytest.mark.parametrize("tag", [('centos'), ])
 def test_php_upgrade_user_optout_centos(Pihole):
    '''
    confirms installer behavior when user opt-out of installing PHP7 from REMI
    (php not currently installed)
    '''
    # Whiptail dialog returns Cancel for user prompt
    mock_command('whiptail', {'*': ('', '1')}, Pihole)
    distro_check = Pihole.run('''
    source /opt/pihole/basic-install.sh
    distro_check
    ''')
    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
                                  'Deprecated PHP may be in use.')
    assert expected_stdout in distro_check.stdout
    remi_package = Pihole.package('remi-release')
    assert not remi_package.is_installed
@pytest.mark.parametrize("tag", [('centos'), ])
 def test_php_upgrade_user_optin_centos(Pihole):
    '''
    confirms installer behavior when user opt-in to installing PHP7 from REMI
    (php not currently installed)
    '''
    # Whiptail dialog returns Continue for user prompt
    mock_command('whiptail', {'*': ('', '0')}, Pihole)
    distro_check = Pihole.run('''
    source /opt/pihole/basic-install.sh
    distro_check
    ''')
    assert 'opt-out' not in distro_check.stdout
    expected_stdout = info_box + (' Enabling Remi\'s RPM repository '
                                  '(https://rpms.remirepo.net)')
    assert expected_stdout in distro_check.stdout
    expected_stdout = tick_box + (' Remi\'s RPM repository has '
                                  'been enabled for PHP7')
    assert expected_stdout in distro_check.stdout
    remi_package = Pihole.package('remi-release')
    assert remi_package.is_installed
@pytest.mark.parametrize("tag", [('centos'), ])
 def test_php_version_lt_7_detected_upgrade_default_optout_centos(Pihole):
    '''
    confirms the default behavior to opt-out of upgrading to PHP7 from REMI
    '''
    # first we will install the default php version to test installer behavior
    php_install = Pihole.run('yum install -y php')
    assert php_install.rc == 0
    php_package = Pihole.package('php')
    default_centos_php_version = php_package.version.split('.')[0]
    if int(default_centos_php_version) >= 7:  # PHP7 is supported/recommended
        pytest.skip("Test deprecated . Detected default PHP version >= 7")
    distro_check = Pihole.run('''
    source /opt/pihole/basic-install.sh
    distro_check
    ''')
    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
                                  'Deprecated PHP may be in use.')
    assert expected_stdout in distro_check.stdout
    remi_package = Pihole.package('remi-release')
    assert not remi_package.is_installed
@pytest.mark.parametrize("tag", [('centos'), ])
 def test_php_version_lt_7_detected_upgrade_user_optout_centos(Pihole):
    '''
    confirms installer behavior when user opt-out to upgrade to PHP7 via REMI
    '''
    # first we will install the default php version to test installer behavior
    php_install = Pihole.run('yum install -y php')
    assert php_install.rc == 0
    php_package = Pihole.package('php')
    default_centos_php_version = php_package.version.split('.')[0]
    if int(default_centos_php_version) >= 7:  # PHP7 is supported/recommended
        pytest.skip("Test deprecated . Detected default PHP version >= 7")
    # Whiptail dialog returns Cancel for user prompt
    mock_command('whiptail', {'*': ('', '1')}, Pihole)
    distro_check = Pihole.run('''
    source /opt/pihole/basic-install.sh
    distro_check
    ''')
    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
                                  'Deprecated PHP may be in use.')
    assert expected_stdout in distro_check.stdout
    remi_package = Pihole.package('remi-release')
    assert not remi_package.is_installed
@pytest.mark.parametrize("tag", [('centos'), ])
 def test_php_version_lt_7_detected_upgrade_user_optin_centos(Pihole):
    '''
    confirms installer behavior when user opt-in to upgrade to PHP7 via REMI
    '''
    # first we will install the default php version to test installer behavior
    php_install = Pihole.run('yum install -y php')
    assert php_install.rc == 0
    php_package = Pihole.package('php')
    default_centos_php_version = php_package.version.split('.')[0]
    if int(default_centos_php_version) >= 7:  # PHP7 is supported/recommended
        pytest.skip("Test deprecated . Detected default PHP version >= 7")
    # Whiptail dialog returns Continue for user prompt
    mock_command('whiptail', {'*': ('', '0')}, Pihole)
    distro_check = Pihole.run('''
    source /opt/pihole/basic-install.sh
    distro_check
    install_dependent_packages PIHOLE_WEB_DEPS[@]
    ''')
    expected_stdout = info_box + (' User opt-out of PHP 7 upgrade on CentOS. '
                                  'Deprecated PHP may be in use.')
    assert expected_stdout not in distro_check.stdout
    expected_stdout = info_box + (' Enabling Remi\'s RPM repository '
                                  '(https://rpms.remirepo.net)')
    assert expected_stdout in distro_check.stdout
    expected_stdout = tick_box + (' Remi\'s RPM repository has '
                                  'been enabled for PHP7')
    assert expected_stdout in distro_check.stdout
    remi_package = Pihole.package('remi-release')
    assert remi_package.is_installed
    updated_php_package = Pihole.package('php')
    updated_php_version = updated_php_package.version.split('.')[0]
    assert int(updated_php_version) == 7
--- a/test/test_fedora_support.py
+++ b/test/test_fedora_support.py
@@ -0,0 +1,16 @@
 def test_epel_and_remi_not_installed_fedora(host):
    '''
    confirms installer does not attempt to install EPEL/REMI repositories
    on Fedora
    '''
    package_manager_detect = host.run('''
    source /opt/pihole/basic-install.sh
    package_manager_detect
    select_rpm_php
    ''')
    assert package_manager_detect.stdout == ''
    epel_package = host.package('epel-release')
    assert not epel_package.is_installed
    remi_package = host.package('remi-release')
    assert not remi_package.is_installed
--- a/test/test_shellcheck.py
+++ b/test/test_shellcheck.py
@@ -1,18 +0,0 @@
 import testinfra
 run_local = testinfra.get_backend(
    "local://"
 ).get_module("Command").run
 def test_scripts_pass_shellcheck():
    '''
    Make sure shellcheck does not find anything wrong with our shell scripts
    '''
    shellcheck = ("find . -type f -name 'update.sh' "
                  "| while read file; do "
                  "shellcheck -x \"$file\" -e SC1090,SC1091; "
                  "done;")
    results = run_local(shellcheck)
    print(results.stdout)
    assert '' == results.stdout
--- a/test/tox.centos_7.ini
+++ b/test/tox.centos_7.ini
@@ -0,0 +1,8 @@
 [tox]
 envlist = py38
 [testenv]
 whitelist_externals = docker
 deps = -rrequirements.txt
 commands = docker build -f _centos_7.Dockerfile -t pytest_pihole:test_container ../
           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_centos_common_support.py ./test_centos_7_support.py
--- a/test/tox.centos_8.ini
+++ b/test/tox.centos_8.ini
@@ -0,0 +1,8 @@
 [tox]
 envlist = py38
 [testenv]
 whitelist_externals = docker
 deps = -rrequirements.txt
 commands = docker build -f _centos_8.Dockerfile -t pytest_pihole:test_container ../
           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_centos_common_support.py ./test_centos_8_support.py
--- a/test/tox.debian_10.ini
+++ b/test/tox.debian_10.ini
@@ -0,0 +1,8 @@
 [tox]
 envlist = py38
 [testenv]
 whitelist_externals = docker
 deps = -rrequirements.txt
 commands = docker build -f _debian_10.Dockerfile -t pytest_pihole:test_container ../
           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py
--- a/test/tox.debian_11.ini
+++ b/test/tox.debian_11.ini
@@ -0,0 +1,8 @@
 [tox]
 envlist = py38
 [testenv]
 whitelist_externals = docker
 deps = -rrequirements.txt
 commands = docker build -f _debian_11.Dockerfile -t pytest_pihole:test_container ../
           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py
--- a/test/tox.debian_9.ini
+++ b/test/tox.debian_9.ini
@@ -0,0 +1,8 @@
 [tox]
 envlist = py38
 [testenv]
 whitelist_externals = docker
 deps = -rrequirements.txt
 commands = docker build -f _debian_9.Dockerfile -t pytest_pihole:test_container ../
           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py
--- a/test/tox.fedora_33.ini
+++ b/test/tox.fedora_33.ini
@@ -0,0 +1,8 @@
 [tox]
 envlist = py38
 [testenv]
 whitelist_externals = docker
 deps = -rrequirements.txt
 commands = docker build -f _fedora_33.Dockerfile -t pytest_pihole:test_container ../
           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_fedora_support.py
--- a/test/tox.fedora_34.ini
+++ b/test/tox.fedora_34.ini
@@ -0,0 +1,8 @@
 [tox]
 envlist = py38
 [testenv]
 whitelist_externals = docker
 deps = -rrequirements.txt
 commands = docker build -f _fedora_34.Dockerfile -t pytest_pihole:test_container ../
           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_fedora_support.py
--- a/test/tox.ubuntu_16.ini
+++ b/test/tox.ubuntu_16.ini
@@ -0,0 +1,8 @@
 [tox]
 envlist = py38
 [testenv]
 whitelist_externals = docker
 deps = -rrequirements.txt
 commands = docker build -f _ubuntu_16.Dockerfile -t pytest_pihole:test_container ../
           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py
--- a/test/tox.ubuntu_18.ini
+++ b/test/tox.ubuntu_18.ini
@@ -0,0 +1,8 @@
 [tox]
 envlist = py38
 [testenv]
 whitelist_externals = docker
 deps = -rrequirements.txt
 commands = docker build -f _ubuntu_18.Dockerfile -t pytest_pihole:test_container ../
           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py
--- a/test/tox.ubuntu_20.ini
+++ b/test/tox.ubuntu_20.ini
@@ -0,0 +1,8 @@
 [tox]
 envlist = py38
 [testenv]
 whitelist_externals = docker
 deps = -rrequirements.txt
 commands = docker build -f _ubuntu_20.Dockerfile -t pytest_pihole:test_container ../
           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py
--- a/test/tox.ubuntu_21.ini
+++ b/test/tox.ubuntu_21.ini
@@ -0,0 +1,8 @@
 [tox]
 envlist = py38
 [testenv]
 whitelist_externals = docker
 deps = -rrequirements.txt
 commands = docker build -f _ubuntu_21.Dockerfile -t pytest_pihole:test_container ../
           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py
--- a/tox.ini
+++ b/tox.ini
@@ -1,10 +0,0 @@
 [tox]
 envlist = py36
 [testenv]
 whitelist_externals = docker
 deps = -rrequirements.txt
 commands = docker build -f test/debian.Dockerfile -t pytest_pihole:debian .
           docker build -f test/centos.Dockerfile -t pytest_pihole:centos .
           docker build -f test/fedora.Dockerfile -t pytest_pihole:fedora .
           pytest {posargs:-vv -n auto} -m "not build_stage" ./test/
		`@@ -0,0 +1,2 @@`
							`#; Pi-hole FTL config file`
							`#; Comments should start with #; to avoid issues with PHP and bash reading this file`