Introduce host CA certificate propagation in the shared LXC build flow so containers can trust enterprise/private PKI roots during early package bootstrap. Add an advanced-install toggle with default auto behavior so unattended installs remain seamless while interactive users can explicitly opt out.
Allow users to set var_ignore_disable=true to continue past the 'script disabled' guard in runtime_script_status_guard(). A warning is still shown, but execution continues instead of aborting. Deleted scripts remain a hard stop.
* Add runtime script status guard and deleted-script stubs.
Prevent disabled/deleted scripts from running updates with clear user messages, and ensure deleted ct scripts are stubbed automatically so legacy update commands no longer fail with 404.
* Delete ct/ente.sh
* Update booklore.sh
* misc scripts: add support for arm64
* Replace tools.func call that checks arch
* Update misc/build.func
Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>
* Update misc/build.func
Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>
* Update misc/build.func
Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>
* Update misc/build.func
Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>
* build.func: change back to VE
* build.func: remove arm64 support for focal, bullseye
Legacy support removed since no cts use them anymore.
* Improve arm64 support and arch-specific downloads
Add clearer architecture error messages and gate arm64 usage, plus implement architecture-aware behavior across the toolkit. Changes include: update exit-code messages to reference amd64/arm64, refuse arm64 unless explicitly enabled, show architecture in summaries, and use arch-specific package lists when installing in containers. Make downloads for FFmpeg and yq choose the correct amd64/arm64 binaries, tighten template download error handling and formatting, and clean up minor whitespace/comment issues. These changes aim to make arm64 handling explicit and downloads/installations more robust for non-amd64 systems.
* remove arm64 overlay
* update ifupdown2 source
* Revert "remove arm64 overlay"
This reverts commit 231945dfa7.
* Revert changes from "Improve arm64 support and arch-specific downloads"
* Reapply "Improve arm64 support and arch-specific downloads"
This reapplies commit 7c051fb648.
* Reapply "remove arm64 overlay"
This reverts commit 866b6950c0.
* Redo template name handling
* fix template name handling change
* add ensure_whiptail function
This is required as some arm64 systems will not have whiptail installed, as it is not installed by default.
* add arm64_notice function
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* fix for copilot detected bugs
---------
Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>
Co-authored-by: CanbiZ (MickLesk) <47820557+MickLesk@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
* fix: derive LXC banner OS from os-release
Read os-release at login time for the generated LXC banner so OS display stays accurate after template changes or in-place upgrades. Prefer PRETTY_NAME with safe fallbacks to NAME, template defaults, and Unknown OS while preserving existing banner formatting.
Co-authored-by: Cursor <cursoragent@cursor.com>
* refactor: simplify dynamic LXC banner OS resolution
Reduce banner OS rendering to a minimal runtime os-release read with PRETTY_NAME/NAME fallbacks and Unknown OS default. Remove redundant OS rewrites from update_motd_ip now that OS display is resolved dynamically at login.
Co-authored-by: Cursor <cursoragent@cursor.com>
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
* feat(update-apps): add var_continue_on_error and TERM=dumb fix
- Add var_continue_on_error=yes to skip failed containers instead
of aborting all remaining updates. Useful for cron/unattended runs
where one disabled or broken script should not stop others.
Containers with backup still attempt restore on failure regardless.
- Set TERM=dumb when running pct exec to prevent whiptail from
hanging when no TTY is available (e.g. cron jobs redirecting
stdout/stderr). This causes whiptail to fail-fast instead of
blocking indefinitely.
- Add var_continue_on_error to export_config_json, --help output,
and usage examples (cron-style invocation example added).
* feat(update-apps): add var_dry_run to check updates without applying
Adds dry-run mode (var_dry_run=yes) that reports available updates for
all selected containers without modifying anything:
- Extracts GitHub source repo from the ct script header (# Source:)
- Resolves the version file name from check_for_gh_release app arg
- Reads current installed version from ~/.appname inside the container
- Queries GitHub API /releases/latest for comparison
- Outputs color-coded status: up-to-date (green), update available (yellow),
or unknown (blue/yellow with reason)
Non-GitHub sources (Codeberg, custom URLs) are skipped with a notice.
Resource scaling is suppressed entirely during dry-run.
Example usage:
var_container=all_running var_skip_confirm=yes var_dry_run=yes \
bash -c "$(curl -fsSL .../update-apps.sh)"
* fix(update-apps): dry-run uses check_for_gh_release args, not Source header
The # Source: header can point to a different repo than what
check_for_gh_release actually queries (e.g. RustDesk uses
lejianwen fork, not official rustdesk repo).
Now parse both app name and source repo directly from the
check_for_gh_release call in the ct script:
check_for_gh_release "appname" "owner/repo"
Also fix $HOME/.appname path expansion in pct exec context.
* fix issue on clear()
* feat(update-apps): add no-op clear wrapper to PATH for update scripts
Co-authored-by: Copilot <copilot@github.com>
* feat(update-apps): enhance error handling for unattended mode in resource checks
Co-authored-by: Copilot <copilot@github.com>
* feat(update-apps): implement structured logging and summary report for updates
Co-authored-by: Copilot <copilot@github.com>
* fix log issue
Co-authored-by: Copilot <copilot@github.com>
* feat(update-apps): enhance dry-run functionality and logging for container updates
Co-authored-by: Copilot <copilot@github.com>
* feat(update-apps): add dry-run completion message for better user feedback
Co-authored-by: Copilot <copilot@github.com>
---------
Co-authored-by: Copilot <copilot@github.com>
* fix(lxc-stack): use dist-upgrade and improve recovery prompt
When the host LXC stack is too old for a template, upgrading only
pve-container/lxc-pve can leave the Proxmox stack in an inconsistent state.
Use a full dist-upgrade instead.
Also refine the recovery prompt:
- [1] Upgrade LXC stack now
- [2] Older template fallback only when actually available
- [3] Ignore
- [4] Cancel
Do not auto-fallback to an older template after ignore/failure; honor the
user's explicit choice and stop with a clear error instead.
* chore(lxc-stack-prompt): clarify host dist-upgrade action in option 1
* Update build.func
* fix(lxc-stack): use host upgrade instead of dist-upgrade in recovery flow
* Enhance upgrade prompt with warning message
Added a warning message to inform users about the implications of running the host upgrade.
---------
Co-authored-by: Michel Roegl-Brunner <73236783+michelroegl-brunner@users.noreply.github.com>
When PHS_SILENT and PHS_VERBOSE are both set, stop falling back to interactive mode. Changes prefer silent mode to keep automation safe and avoid blocking unattended/non-TTY updates. Only show a whiptail warning when both stdin/stdout are TTYs and whiptail is present, and ignore any whiptail errors. Added a brief comment and adjusted the fallback message accordingly.
* fix(build.func): pct create audit — 5 fixes
1. Disable globbing (set -f) around pct create calls to prevent
passwords containing * or ? from expanding to filenames.
2. Fix TAGS: use semicolons (pct format), prevent duplicate
community-script prefix, remove trailing separator.
3. Skip keyctl dialog for unprivileged containers — pct always
forces keyctl=1 for CT_TYPE=1, so the dialog was misleading.
4. Remove dead IPV6_STATIC variable (IPv6 is handled via
IPV6_ADDR/IPV6_GATE which are properly wired into NET_STRING).
5. Remove dead UDHCPC_FIX variable — set and exported but never
consumed by any install script.
* Update api.func
User input like 'nfs, cifs' or 'nfs,' would produce invalid pct
features strings like 'mount=nfs; cifs' (space breaks pct argument
parsing) or 'mount=nfs;' (trailing semicolon). Fixes:
- Whiptail dialog (Step 27): normalize input immediately after entry
- load_vars_file validation: normalize before regex check, use
stricter regex that rejects trailing/leading commas
- FEATURES construction: defensive sanitize before building the
mount= value (strip spaces, trailing commas/semicolons)
All three layers ensure 'nfs, cifs' -> 'nfs,cifs' -> 'mount=nfs;cifs'
* fix(core): remove unused TEMP_DIR mktemp leak in build_container
The build_container() function created a temp directory via mktemp -d and
pushd into it, but never popd or rm -rf. The directory was not used for
anything — FUNCTIONS_FILE_PATH is downloaded into a variable, not a file.
Remove the mktemp -d and pushd entirely to eliminate the leak.
* fix(sonarqube): clean up temp file after zip extraction
The SonarQube update function (ct/sonarqube.sh) never deleted the
downloaded zip file (~200-500 MB) from /tmp after extraction. On LXC
containers with 4-8 GB disks, this accumulates with every update and
can eventually fill the disk.
Also add explicit cleanup in the install script instead of relying
solely on cleanup_lxc() pattern matching.
* fix(tools): prevent script crash when entering GitHub token after rate limit
fetch_and_deploy_gh_release set attempt=0 after accepting a token, then
immediately ran ((0++)) which evaluates to 0 (falsy) causing exit code 1
and killing the script under set -e.
Fix: set attempt=1 and continue to restart the retry loop cleanly,
giving the full max_retries budget with the new token.
Also fix fetch_and_deploy_codeberg_release: replace ((attempt++)) with
attempt=\ to avoid the same zero-evaluation crash on
the first connection timeout (attempt starts at 0 in that loop).
Fixes#13635
* feat(tools): add var_github_token support with token validation
- Add var_github_token to all VAR_WHITELIST arrays in build.func so the
token can be set via default.vars, app.vars, or environment variable
- Map var_github_token -> GITHUB_TOKEN in default_var_settings() (env
variable takes precedence over the var file value)
- Add commented var_github_token example to the default.vars template
- Add validate_github_token() to tools.func:
* Calls GET /user to verify the token is accepted
* Reports expiry date from x-oauth-expiry header (fine-grained PATs)
* Warns when classic PAT is missing public_repo scope
* Returns distinct exit codes: 0=valid, 1=invalid/expired, 2=no scope, 3=error
- Update prompt_for_github_token():
* Non-interactive path now picks up var_github_token automatically
* Interactive path also picks up var_github_token without prompting
* Validates token immediately after entry; loops until valid or Ctrl+C
Update LXC and VM description blocks to include donation and script page badges. Introduces script_slug, script_url and donate_url variables (derived from SCRIPT_SLUG or NSAPP/APP, normalized to lowercase and dashed) and uses them to build links. Replaces the old Ko-fi "Buy us a coffee" badge with a generic donate badge and adds an "Open Script Page" badge linking to the script detail page.
When var_gateway is set to an empty string, the resulting gw= token
in the comma-separated network string causes pct create to fail with
a 'missing key in comma-separated list property' error.
Closes#13421